sfdx-hardis 6.14.4-beta202512080425.0 → 6.14.4

package/oclif.manifest.json

@@ -132,12 +132,13 @@
         "clear:cache:hardis"
       ]
     },
-    "hardis:config:get": {
+    "hardis:auth:login": {
       "aliases": [],
       "args": {},
-      "description": "\n## Command Behavior\n\n**Retrieves and displays the sfdx-hardis configuration for a specified level.**\n\nThis command allows you to inspect the configuration that is currently in effect for your project, which is useful for debugging and understanding how sfdx-hardis will behave.\n\n- **Configuration levels:** It can retrieve configuration from three different levels:\n  - **Project:** The configuration defined in the project's `.sfdx-hardis.yml` file.\n  - **Branch:** The configuration defined in a branch-specific configuration file (e.g., `.sfdx-hardis.production.yml`).\n  - **User:** The global user-level configuration.\n\n## Technical explanations\n\nThe command's logic is straightforward:\n\n- **`getConfig` function:** It calls the `getConfig` utility function, passing the desired configuration level as an argument.\n- **Configuration loading:** The `getConfig` function is responsible for finding the appropriate configuration file, reading its contents, and parsing it as YAML or JSON.\n- **Output:** The retrieved configuration is then displayed to the user as a JSON string.\n",
+      "description": "\n## Command Behavior\n\n**Authenticates to a Salesforce org, primarily designed for CI/CD workflows.**\n\nThis command facilitates secure and automated logins to Salesforce organizations within continuous integration and continuous delivery pipelines. It leverages pre-configured authentication details, ensuring that CI/CD processes can interact with Salesforce without manual intervention.\n\nKey aspects:\n\n- **Configuration-Driven:** It relies on authentication variables and files set up by dedicated configuration commands:\n  - For CI/CD repositories: [Configure Org CI Authentication](https://sfdx-hardis.cloudity.com/hardis/project/configure/auth/)\n  - For Monitoring repositories: [Configure Org Monitoring](https://sfdx-hardis.cloudity.com/hardis/org/configure/monitoring/)\n- **Technical Org Support:** Supports authentication to a 'technical org' (e.g., for calling Agentforce from another org) by utilizing the `SFDX_AUTH_URL_TECHNICAL_ORG` environment variable. If this variable is set, the command authenticates to this org with the alias `TECHNICAL_ORG`.\n\nTo obtain the `SFDX_AUTH_URL_TECHNICAL_ORG` value, you can run `sf org display --verbose --json` and copy the `sfdxAuthUrl` field from the output.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's technical flow involves:\n\n- **Flag Parsing:** It parses command-line flags such as `instanceurl`, `devhub`, `scratchorg`, and `debug` to determine the authentication context.\n- **Authentication Hook:** It triggers an internal authentication hook (`this.config.runHook('auth', ...`)) which is responsible for executing the actual authentication logic based on the provided flags (e.g., whether it's a Dev Hub or a scratch org).\n- **Environment Variable Check:** It checks for the presence of `SFDX_AUTH_URL_TECHNICAL_ORG` or `TECHNICAL_ORG_ALIAS` environment variables.\n- **`authOrg` Utility:** If a technical org is configured, it calls the `authOrg` utility function to perform the authentication for that specific org, ensuring it's connected and available for subsequent operations.\n- **Salesforce CLI Integration:** It integrates with the Salesforce CLI's authentication mechanisms to establish and manage org connections.\n</details>\n",
       "examples": [
-        "$ sf hardis:project:deploy:sources:metadata"
+        "$ sf hardis:auth:login",
+        "CI=true CI_COMMIT_REF_NAME=monitoring_myclient sf hardis:auth:login"
       ],
       "flags": {
         "json": {
@@ -155,20 +156,28 @@
           "multiple": false,
           "type": "option"
         },
-        "level": {
-          "char": "l",
-          "description": "project,branch or user",
-          "name": "level",
-          "default": "project",
+        "instanceurl": {
+          "char": "r",
+          "description": "URL of org instance",
+          "name": "instanceurl",
           "hasDynamicHelp": false,
           "multiple": false,
-          "options": [
-            "project",
-            "branch",
-            "user"
-          ],
           "type": "option"
         },
+        "devhub": {
+          "char": "h",
+          "description": "Also connect associated DevHub",
+          "name": "devhub",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "scratchorg": {
+          "char": "s",
+          "description": "Scratch org",
+          "name": "scratchorg",
+          "allowNo": false,
+          "type": "boolean"
+        },
         "debug": {
           "char": "d",
           "description": "Activate debug mode (more logs)",
@@ -192,39 +201,38 @@
       },
       "hasDynamicHelp": false,
       "hiddenAliases": [],
-      "id": "hardis:config:get",
+      "id": "hardis:auth:login",
       "pluginAlias": "sfdx-hardis",
       "pluginName": "sfdx-hardis",
       "pluginType": "core",
       "strict": true,
       "enableJsonFlag": true,
-      "title": "Deploy metadata sources to org",
+      "title": "Login",
       "requiresProject": false,
       "isESM": true,
       "relativePath": [
         "lib",
         "commands",
         "hardis",
-        "config",
-        "get.js"
+        "auth",
+        "login.js"
       ],
       "aliasPermutations": [],
       "permutations": [
-        "hardis:config:get",
-        "config:hardis:get",
-        "config:get:hardis",
-        "hardis:get:config",
-        "get:hardis:config",
-        "get:config:hardis"
+        "hardis:auth:login",
+        "auth:hardis:login",
+        "auth:login:hardis",
+        "hardis:login:auth",
+        "login:hardis:auth",
+        "login:auth:hardis"
       ]
     },
-    "hardis:auth:login": {
+    "hardis:config:get": {
       "aliases": [],
       "args": {},
-      "description": "\n## Command Behavior\n\n**Authenticates to a Salesforce org, primarily designed for CI/CD workflows.**\n\nThis command facilitates secure and automated logins to Salesforce organizations within continuous integration and continuous delivery pipelines. It leverages pre-configured authentication details, ensuring that CI/CD processes can interact with Salesforce without manual intervention.\n\nKey aspects:\n\n- **Configuration-Driven:** It relies on authentication variables and files set up by dedicated configuration commands:\n  - For CI/CD repositories: [Configure Org CI Authentication](https://sfdx-hardis.cloudity.com/hardis/project/configure/auth/)\n  - For Monitoring repositories: [Configure Org Monitoring](https://sfdx-hardis.cloudity.com/hardis/org/configure/monitoring/)\n- **Technical Org Support:** Supports authentication to a 'technical org' (e.g., for calling Agentforce from another org) by utilizing the `SFDX_AUTH_URL_TECHNICAL_ORG` environment variable. If this variable is set, the command authenticates to this org with the alias `TECHNICAL_ORG`.\n\nTo obtain the `SFDX_AUTH_URL_TECHNICAL_ORG` value, you can run `sf org display --verbose --json` and copy the `sfdxAuthUrl` field from the output.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's technical flow involves:\n\n- **Flag Parsing:** It parses command-line flags such as `instanceurl`, `devhub`, `scratchorg`, and `debug` to determine the authentication context.\n- **Authentication Hook:** It triggers an internal authentication hook (`this.config.runHook('auth', ...`)) which is responsible for executing the actual authentication logic based on the provided flags (e.g., whether it's a Dev Hub or a scratch org).\n- **Environment Variable Check:** It checks for the presence of `SFDX_AUTH_URL_TECHNICAL_ORG` or `TECHNICAL_ORG_ALIAS` environment variables.\n- **`authOrg` Utility:** If a technical org is configured, it calls the `authOrg` utility function to perform the authentication for that specific org, ensuring it's connected and available for subsequent operations.\n- **Salesforce CLI Integration:** It integrates with the Salesforce CLI's authentication mechanisms to establish and manage org connections.\n</details>\n",
+      "description": "\n## Command Behavior\n\n**Retrieves and displays the sfdx-hardis configuration for a specified level.**\n\nThis command allows you to inspect the configuration that is currently in effect for your project, which is useful for debugging and understanding how sfdx-hardis will behave.\n\n- **Configuration levels:** It can retrieve configuration from three different levels:\n  - **Project:** The configuration defined in the project's `.sfdx-hardis.yml` file.\n  - **Branch:** The configuration defined in a branch-specific configuration file (e.g., `.sfdx-hardis.production.yml`).\n  - **User:** The global user-level configuration.\n\n## Technical explanations\n\nThe command's logic is straightforward:\n\n- **`getConfig` function:** It calls the `getConfig` utility function, passing the desired configuration level as an argument.\n- **Configuration loading:** The `getConfig` function is responsible for finding the appropriate configuration file, reading its contents, and parsing it as YAML or JSON.\n- **Output:** The retrieved configuration is then displayed to the user as a JSON string.\n",
       "examples": [
-        "$ sf hardis:auth:login",
-        "CI=true CI_COMMIT_REF_NAME=monitoring_myclient sf hardis:auth:login"
+        "$ sf hardis:project:deploy:sources:metadata"
       ],
       "flags": {
         "json": {
@@ -242,28 +250,20 @@
           "multiple": false,
           "type": "option"
         },
-        "instanceurl": {
-          "char": "r",
-          "description": "URL of org instance",
-          "name": "instanceurl",
+        "level": {
+          "char": "l",
+          "description": "project,branch or user",
+          "name": "level",
+          "default": "project",
           "hasDynamicHelp": false,
           "multiple": false,
+          "options": [
+            "project",
+            "branch",
+            "user"
+          ],
           "type": "option"
         },
-        "devhub": {
-          "char": "h",
-          "description": "Also connect associated DevHub",
-          "name": "devhub",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "scratchorg": {
-          "char": "s",
-          "description": "Scratch org",
-          "name": "scratchorg",
-          "allowNo": false,
-          "type": "boolean"
-        },
         "debug": {
           "char": "d",
           "description": "Activate debug mode (more logs)",
@@ -287,30 +287,30 @@
       },
       "hasDynamicHelp": false,
       "hiddenAliases": [],
-      "id": "hardis:auth:login",
+      "id": "hardis:config:get",
       "pluginAlias": "sfdx-hardis",
       "pluginName": "sfdx-hardis",
       "pluginType": "core",
       "strict": true,
       "enableJsonFlag": true,
-      "title": "Login",
+      "title": "Deploy metadata sources to org",
       "requiresProject": false,
       "isESM": true,
       "relativePath": [
         "lib",
         "commands",
         "hardis",
-        "auth",
-        "login.js"
+        "config",
+        "get.js"
       ],
       "aliasPermutations": [],
       "permutations": [
-        "hardis:auth:login",
-        "auth:hardis:login",
-        "auth:login:hardis",
-        "hardis:login:auth",
-        "login:hardis:auth",
-        "login:auth:hardis"
+        "hardis:config:get",
+        "config:hardis:get",
+        "config:get:hardis",
+        "hardis:get:config",
+        "get:hardis:config",
+        "get:config:hardis"
       ]
     },
     "hardis:doc:fieldusage": {
@@ -5539,12 +5539,15 @@
         "import:data:org:hardis"
       ]
     },
-    "hardis:org:files:export": {
+    "hardis:org:diagnose:audittrail": {
       "aliases": [],
       "args": {},
-      "description": "\n## Command Behavior\n\n**Exports file attachments (ContentVersion, Attachment) from a Salesforce org based on a predefined configuration.**\n\nThis command enables the mass download of files associated with Salesforce records, providing a robust solution for backing up files, migrating them to other systems, or integrating them with external document management solutions.\n\nKey functionalities:\n\n- **Configuration-Driven Export:** Relies on an `export.json` file within a designated file export project to define the export criteria, including the SOQL query for parent records, file types to export, output naming conventions, and file size filtering.\n- **File Size Filtering:** Supports minimum file size filtering via the `fileSizeMin` configuration parameter (in KB). Files smaller than the specified size will be skipped during export.\n- **File Validation:** After downloading each file, validates the integrity by:\n  - **Checksum Validation:** For ContentVersion files, compares MD5 checksum with Salesforce's stored checksum\n  - **Size Validation:** For both ContentVersion and Attachment files, verifies actual file size matches expected size\n  - **Status Tracking:** Files are categorized with specific statuses: `success` (valid files), `failed` (download errors), `skipped` (filtered files), `invalid` (downloaded but failed validation)\n  - All validation results are logged in the CSV export log for audit purposes\n- **Resume/Restart Capability:** \n  - **Resume Mode:** When `--resume` flag is used (default in CI environments), checks existing downloaded files for validity. Valid files are skipped, invalid files are re-downloaded.\n  - **Restart Mode:** When resume is disabled, clears the output folder and starts a fresh export.\n  - **Interactive Mode:** When existing files are found and `--resume` is not explicitly specified (non-CI environments), prompts the user to choose between resume or restart.\n- **Interactive Project Selection:** If the file export project path is not provided via the `--path` flag, it interactively prompts the user to select one.\n- **Configurable Export Options:** Allows overriding default export settings such as `chunksize` (number of records processed in a batch), `polltimeout` (timeout for Bulk API calls), and `startchunknumber` (to resume a failed export).\n- **Support for ContentVersion and Attachment:** Handles both modern Salesforce Files (ContentVersion) and older Attachments.\n\nSee this article for a practical example:\n\n[![How to mass download notes and attachments files from a Salesforce org](https://github.com/hardisgroupcom/sfdx-hardis/raw/main/docs/assets/images/article-mass-download.jpg)](https://nicolas.vuillamy.fr/how-to-mass-download-notes-and-attachments-files-from-a-salesforce-org-83a028824afd)\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's technical implementation involves:\n\n- **FilesExporter Class:** The core logic is encapsulated within the `FilesExporter` class, which orchestrates the entire export process.\n- **SOQL Queries (Bulk API):** It uses Salesforce Bulk API queries to efficiently retrieve large volumes of parent record IDs and file metadata, including checksums and file sizes.\n- **File Download:** Downloads the actual file content from Salesforce.\n- **File Validation:** After each successful download, validates file integrity by comparing checksums (ContentVersion) and file sizes (both ContentVersion and Attachment) against Salesforce metadata.\n- **Resume Logic:** In resume mode, checks for existing files before downloading, validates their integrity, and only re-downloads invalid or missing files. This enables efficient recovery from interrupted exports.\n- **File System Operations:** Writes the downloaded files to the local file system, organizing them into folders based on the configured naming conventions.\n- **Configuration Loading:** Reads the `export.json` file to get the export configuration. It also allows for interactive overriding of these settings.\n- **Interactive Prompts:** Uses `selectFilesWorkspace` to allow the user to choose a file export project, `promptFilesExportConfiguration` for customizing export options, and prompts for resume/restart choice when existing files are found.\n- **Error Handling:** Includes mechanisms to handle potential errors during the export process, such as network issues, API limits, and file validation failures. Each file is assigned a specific status (`success`, `failed`, `skipped`, `invalid`) for comprehensive tracking and troubleshooting.\n</details>\n",
+      "description": "Export Audit trail into a CSV file with selected criteria, and highlight suspect actions\n\nAlso detects updates of Custom Settings values (disable by defining `SKIP_AUDIT_TRAIL_CUSTOM_SETTINGS=true`)\n\nRegular setup actions performed in major orgs are filtered.\n\n- \"\"\n  - createScratchOrg\n  - changedsenderemail\n  - deleteScratchOrg\n  - loginasgrantedtopartnerbt\n- Certificate and Key Management\n  - insertCertificate\n- Custom App Licenses\n  - addeduserpackagelicense\n  - granteduserpackagelicense\n  - revokeduserpackagelicense\n- Customer Portal\n  - createdcustomersuccessuser\n  - CSPUserDisabled\n- Currency\n  - updateddatedexchrate\n- Data Management\n  - queueMembership\n- Email Administration\n  - dkimRotationPreparationSuccessful\n  - dkimRotationSuccessful\n- External Objects\n  - xdsEncryptedFieldChange\n- Groups\n  - groupMembership\n- Holidays\n  - holiday_insert\n- Inbox mobile and legacy desktop apps\n  - enableSIQUserNonEAC\n  - siqUserAcceptedTOS\n- Manage Users\n  - activateduser\n  - createduser\n  - changedcommunitynickname\n  - changedemail\n  - changedfederationid\n  - changedpassword\n  - changedinteractionuseroffon\n  - changedinteractionuseronoff\n  - changedmarketinguseroffon\n  - changedmarketinguseronoff\n  - changedofflineuseroffon\n  - changedprofileforuserstdtostd\n  - changedprofileforuser\n  - changedprofileforusercusttostd\n  - changedprofileforuserstdtocust\n  - changedroleforusertonone\n  - changedroleforuser\n  - changedroleforuserfromnone\n  - changedUserAdminVerifiedStatusVerified\n  - changedUserEmailVerifiedStatusUnverified\n  - changedUserEmailVerifiedStatusVerified\n  - changedknowledgeuseroffon\n  - changedsfcontentuseroffon\n  - changedsupportuseroffon\n  - changedusername\n  - changedUserPhoneNumber\n  - changedUserPhoneVerifiedStatusUnverified\n  - changedUserPhoneVerifiedStatusVerified\n  - deactivateduser\n  - deleteAuthenticatorPairing\n  - deleteTwoFactorInfo2\n  - deleteTwoFactorTempCode\n  - frozeuser\n  - insertAuthenticatorPairing\n  - insertTwoFactorInfo2\n  - insertTwoFactorTempCode\n  - lightningloginenroll\n  - PermSetAssign\n  - PermSetGroupAssign\n  - PermSetGroupUnassign\n  - PermSetLicenseAssign\n  - PermSetUnassign\n  - PermSetLicenseUnassign\n  - registeredUserPhoneNumber\n  - resetpassword\n  - suNetworkAdminLogin\n  - suNetworkAdminLogout\n  - suOrgAdminLogin\n  - suOrgAdminLogout\n  - unfrozeuser\n  - useremailchangesent\n- Mobile Administration\n  - assigneduserstomobileconfig\n- Reporting Snapshots\n  - createdReportJob\n  - deletedReportJob\n- Sandboxes\n  - DeleteSandbox\n\nBy default, deployment user defined in .sfdx-hardis.yml targetUsername property will be excluded.\n\nYou can define additional users to exclude in .sfdx-hardis.yml **monitoringExcludeUsernames** property.\n\nYou can also add more sections / actions considered as not suspect using property **monitoringAllowedSectionsActions**\n\nExample:\n\n```yaml\nmonitoringExcludeUsernames:\n  - deploymentuser@cloudity.com\n  - marketingcloud@cloudity.com\n  - integration-user@cloudity.com\n\nmonitoringAllowedSectionsActions:\n  \"Some section\": [] // Will ignore all actions from such section\n  \"Some other section\": [\"actionType1\",\"actionType2\",\"actionType3\"] // Will ignore only those 3 actions from section \"Some other section\". Other actions in the same section will be considered as suspect.\n```\n\n## Excel output example\n\n![](https://github.com/hardisgroupcom/sfdx-hardis/raw/main/docs/assets/images/screenshot-monitoring-audittrail-excel.jpg)\n\n## Local output example\n\n![](https://github.com/hardisgroupcom/sfdx-hardis/raw/main/docs/assets/images/screenshot-monitoring-audittrail-local.jpg)\n\nThis command is part of [sfdx-hardis Monitoring](https://sfdx-hardis.cloudity.com/salesforce-monitoring-suspect-audit-trail/) and can output Grafana, Slack and MsTeams Notifications.\n",
       "examples": [
-        "$ sf hardis:org:files:export"
+        "$ sf hardis:org:diagnose:audittrail",
+        "$ sf hardis:org:diagnose:audittrail --excludeusers baptiste@titi.com",
+        "$ sf hardis:org:diagnose:audittrail --excludeusers baptiste@titi.com,bertrand@titi.com",
+        "$ sf hardis:org:diagnose:audittrail --lastndays 5"
       ],
       "flags": {
         "json": {
@@ -5562,48 +5565,30 @@
           "multiple": false,
           "type": "option"
         },
-        "path": {
-          "char": "p",
-          "description": "Path to the file export project",
-          "name": "path",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "chunksize": {
-          "char": "c",
-          "description": "Number of records to add in a chunk before it is processed",
-          "name": "chunksize",
-          "default": 1000,
+        "excludeusers": {
+          "char": "e",
+          "description": "Comma-separated list of usernames to exclude",
+          "name": "excludeusers",
           "hasDynamicHelp": false,
           "multiple": false,
           "type": "option"
         },
-        "polltimeout": {
+        "lastndays": {
           "char": "t",
-          "description": "Timeout in MS for Bulk API calls",
-          "name": "polltimeout",
-          "default": 300000,
+          "description": "Number of days to extract from today (included)",
+          "name": "lastndays",
           "hasDynamicHelp": false,
           "multiple": false,
           "type": "option"
         },
-        "startchunknumber": {
-          "char": "s",
-          "description": "Chunk number to start from",
-          "name": "startchunknumber",
-          "default": 0,
+        "outputfile": {
+          "char": "f",
+          "description": "Force the path and name of output report file. Must end with .csv",
+          "name": "outputfile",
           "hasDynamicHelp": false,
           "multiple": false,
           "type": "option"
         },
-        "resume": {
-          "char": "r",
-          "description": "Resume previous export by checking existing files (default in CI)",
-          "name": "resume",
-          "allowNo": false,
-          "type": "boolean"
-        },
         "debug": {
           "char": "d",
           "description": "Activate debug mode (more logs)",
@@ -5642,13 +5627,13 @@
       },
       "hasDynamicHelp": true,
       "hiddenAliases": [],
-      "id": "hardis:org:files:export",
+      "id": "hardis:org:diagnose:audittrail",
       "pluginAlias": "sfdx-hardis",
       "pluginName": "sfdx-hardis",
       "pluginType": "core",
       "strict": true,
       "enableJsonFlag": true,
-      "title": "Export files",
+      "title": "Diagnose content of Setup Audit Trail",
       "requiresProject": false,
       "isESM": true,
       "relativePath": [
@@ -5656,43 +5641,43 @@
         "commands",
         "hardis",
         "org",
-        "files",
-        "export.js"
+        "diagnose",
+        "audittrail.js"
       ],
       "aliasPermutations": [],
       "permutations": [
-        "hardis:org:files:export",
-        "org:hardis:files:export",
-        "org:files:hardis:export",
-        "org:files:export:hardis",
-        "hardis:files:org:export",
-        "files:hardis:org:export",
-        "files:org:hardis:export",
-        "files:org:export:hardis",
-        "hardis:files:export:org",
-        "files:hardis:export:org",
-        "files:export:hardis:org",
-        "files:export:org:hardis",
-        "hardis:org:export:files",
-        "org:hardis:export:files",
-        "org:export:hardis:files",
-        "org:export:files:hardis",
-        "hardis:export:org:files",
-        "export:hardis:org:files",
-        "export:org:hardis:files",
-        "export:org:files:hardis",
-        "hardis:export:files:org",
-        "export:hardis:files:org",
-        "export:files:hardis:org",
-        "export:files:org:hardis"
+        "hardis:org:diagnose:audittrail",
+        "org:hardis:diagnose:audittrail",
+        "org:diagnose:hardis:audittrail",
+        "org:diagnose:audittrail:hardis",
+        "hardis:diagnose:org:audittrail",
+        "diagnose:hardis:org:audittrail",
+        "diagnose:org:hardis:audittrail",
+        "diagnose:org:audittrail:hardis",
+        "hardis:diagnose:audittrail:org",
+        "diagnose:hardis:audittrail:org",
+        "diagnose:audittrail:hardis:org",
+        "diagnose:audittrail:org:hardis",
+        "hardis:org:audittrail:diagnose",
+        "org:hardis:audittrail:diagnose",
+        "org:audittrail:hardis:diagnose",
+        "org:audittrail:diagnose:hardis",
+        "hardis:audittrail:org:diagnose",
+        "audittrail:hardis:org:diagnose",
+        "audittrail:org:hardis:diagnose",
+        "audittrail:org:diagnose:hardis",
+        "hardis:audittrail:diagnose:org",
+        "audittrail:hardis:diagnose:org",
+        "audittrail:diagnose:hardis:org",
+        "audittrail:diagnose:org:hardis"
       ]
     },
-    "hardis:org:files:import": {
+    "hardis:org:diagnose:instanceupgrade": {
       "aliases": [],
       "args": {},
-      "description": "\nThis command facilitates the mass upload of files into Salesforce, allowing you to populate records with associated documents, images, or other file types. It's a crucial tool for data migration, content seeding, or synchronizing external file repositories with Salesforce.\n\nKey functionalities:\n\n- **Configuration-Driven Import:** Relies on an `export.json` file within a designated file export project (created using `sf hardis:org:configure:files`) to determine which files to import and how they should be associated with Salesforce records.\n- **Interactive Project Selection:** If the file import project path is not provided via the `--path` flag, it interactively prompts the user to select one.\n- **Overwrite Option:** The `--overwrite` flag allows you to replace existing files in Salesforce with local versions that have the same name. Be aware that this option doubles the number of API calls used.\n- **Support for ContentVersion and Attachment:** Handles both modern Salesforce Files (ContentVersion) and older Attachments.\n\nSee this article for how to export files, which is often a prerequisite for importing:\n\n[![How to mass download notes and attachments files from a Salesforce org](https://github.com/hardisgroupcom/sfdx-hardis/raw/main/docs/assets/images/article-mass-download.jpg)](https://nicolas.vuillamy.fr/how-to-mass-download-notes-and-attachments-files-from-a-salesforce-org-83a028824afd)\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's technical implementation involves:\n\n- **FilesImporter Class:** The core logic is encapsulated within the `FilesImporter` class, which orchestrates the entire import process.\n- **File System Scan:** Scans the local file system within the configured project directory to identify files for import.\n- **Salesforce API Interaction:** Uses Salesforce APIs (e.g., ContentVersion, Attachment) to upload files and associate them with records.\n- **Configuration Loading:** Reads the `export.json` file to get the import configuration, including SOQL queries to identify parent records for file association.\n- **Interactive Prompts:** Uses `selectFilesWorkspace` to allow the user to choose a file import project and `prompts` for confirming the overwrite behavior.\n- **Error Handling:** Includes mechanisms to handle potential errors during the import process, such as API limits or file upload failures.\n</details>\n",
+      "description": "\n## Command Behavior\n\n**Retrieves and displays the scheduled upgrade date for a Salesforce org's instance.**\n\nThis command provides crucial information about when your Salesforce instance will be upgraded to the next major release (Spring, Summer, or Winter). This is vital for release planning, testing, and ensuring compatibility with upcoming Salesforce features.\n\nKey functionalities:\n\n- **Instance Identification:** Determines the Salesforce instance name of your target org.\n- **Upgrade Date Retrieval:** Fetches the planned start time of the next major core service upgrade for that instance from the Salesforce Status API.\n- **Days Until Upgrade:** Calculates and displays the number of days remaining until the next major upgrade.\n- **Severity-Based Logging:** Adjusts the log severity (info, warning) based on the proximity of the upgrade date, providing a visual cue for urgency.\n- **Notifications:** Sends notifications to configured channels (e.g., Slack, MS Teams, Grafana) with the upgrade information, making it suitable for automated monitoring.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's technical implementation involves:\n\n- **Salesforce SOQL Query:** It first queries the `Organization` object in Salesforce to get the `InstanceName` of the target org.\n- **Salesforce Status API Integration:** It makes an HTTP GET request to the Salesforce Status API (`https://api.status.salesforce.com/v1/instances/{instanceName}/status`) to retrieve detailed information about the instance, including scheduled maintenances.\n- **Data Parsing:** It parses the JSON response from the Status API to extract the relevant major release upgrade information.\n- **Date Calculation:** Uses the `moment` library to calculate the difference in days between the current date and the planned upgrade date.\n- **Notification Integration:** It integrates with the `NotifProvider` to send notifications, including the instance name, upgrade date, and days remaining, along with relevant metrics for monitoring dashboards.\n- **User Feedback:** Provides clear messages to the user about the upgrade status and proximity.\n</details>\n",
       "examples": [
-        "$ sf hardis:org:files:import"
+        "$ sf hardis:org:diagnose:instanceupgrade"
       ],
       "flags": {
         "json": {
@@ -5710,21 +5695,6 @@
           "multiple": false,
           "type": "option"
         },
-        "path": {
-          "char": "p",
-          "description": "Path to the file export project",
-          "name": "path",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "overwrite": {
-          "char": "f",
-          "description": "Override existing files (doubles the number of API calls)",
-          "name": "overwrite",
-          "allowNo": false,
-          "type": "boolean"
-        },
         "debug": {
           "char": "d",
           "description": "Activate debug mode (more logs)",
@@ -5763,13 +5733,13 @@
       },
       "hasDynamicHelp": true,
       "hiddenAliases": [],
-      "id": "hardis:org:files:import",
+      "id": "hardis:org:diagnose:instanceupgrade",
       "pluginAlias": "sfdx-hardis",
       "pluginName": "sfdx-hardis",
       "pluginType": "core",
       "strict": true,
       "enableJsonFlag": true,
-      "title": "Import files",
+      "title": "Get Instance Upgrade date",
       "requiresProject": false,
       "isESM": true,
       "relativePath": [
@@ -5777,247 +5747,8 @@
         "commands",
         "hardis",
         "org",
-        "files",
-        "import.js"
-      ],
-      "aliasPermutations": [],
-      "permutations": [
-        "hardis:org:files:import",
-        "org:hardis:files:import",
-        "org:files:hardis:import",
-        "org:files:import:hardis",
-        "hardis:files:org:import",
-        "files:hardis:org:import",
-        "files:org:hardis:import",
-        "files:org:import:hardis",
-        "hardis:files:import:org",
-        "files:hardis:import:org",
-        "files:import:hardis:org",
-        "files:import:org:hardis",
-        "hardis:org:import:files",
-        "org:hardis:import:files",
-        "org:import:hardis:files",
-        "org:import:files:hardis",
-        "hardis:import:org:files",
-        "import:hardis:org:files",
-        "import:org:hardis:files",
-        "import:org:files:hardis",
-        "hardis:import:files:org",
-        "import:hardis:files:org",
-        "import:files:hardis:org",
-        "import:files:org:hardis"
-      ]
-    },
-    "hardis:org:diagnose:audittrail": {
-      "aliases": [],
-      "args": {},
-      "description": "Export Audit trail into a CSV file with selected criteria, and highlight suspect actions\n\nAlso detects updates of Custom Settings values (disable by defining `SKIP_AUDIT_TRAIL_CUSTOM_SETTINGS=true`)\n\nRegular setup actions performed in major orgs are filtered.\n\n- \"\"\n  - createScratchOrg\n  - changedsenderemail\n  - deleteScratchOrg\n  - loginasgrantedtopartnerbt\n- Certificate and Key Management\n  - insertCertificate\n- Custom App Licenses\n  - addeduserpackagelicense\n  - granteduserpackagelicense\n  - revokeduserpackagelicense\n- Customer Portal\n  - createdcustomersuccessuser\n  - CSPUserDisabled\n- Currency\n  - updateddatedexchrate\n- Data Management\n  - queueMembership\n- Email Administration\n  - dkimRotationPreparationSuccessful\n  - dkimRotationSuccessful\n- External Objects\n  - xdsEncryptedFieldChange\n- Groups\n  - groupMembership\n- Holidays\n  - holiday_insert\n- Inbox mobile and legacy desktop apps\n  - enableSIQUserNonEAC\n  - siqUserAcceptedTOS\n- Manage Users\n  - activateduser\n  - createduser\n  - changedcommunitynickname\n  - changedemail\n  - changedfederationid\n  - changedpassword\n  - changedinteractionuseroffon\n  - changedinteractionuseronoff\n  - changedmarketinguseroffon\n  - changedmarketinguseronoff\n  - changedofflineuseroffon\n  - changedprofileforuserstdtostd\n  - changedprofileforuser\n  - changedprofileforusercusttostd\n  - changedprofileforuserstdtocust\n  - changedroleforusertonone\n  - changedroleforuser\n  - changedroleforuserfromnone\n  - changedUserAdminVerifiedStatusVerified\n  - changedUserEmailVerifiedStatusUnverified\n  - changedUserEmailVerifiedStatusVerified\n  - changedknowledgeuseroffon\n  - changedsfcontentuseroffon\n  - changedsupportuseroffon\n  - changedusername\n  - changedUserPhoneNumber\n  - changedUserPhoneVerifiedStatusUnverified\n  - changedUserPhoneVerifiedStatusVerified\n  - deactivateduser\n  - deleteAuthenticatorPairing\n  - deleteTwoFactorInfo2\n  - deleteTwoFactorTempCode\n  - frozeuser\n  - insertAuthenticatorPairing\n  - insertTwoFactorInfo2\n  - insertTwoFactorTempCode\n  - lightningloginenroll\n  - PermSetAssign\n  - PermSetGroupAssign\n  - PermSetGroupUnassign\n  - PermSetLicenseAssign\n  - PermSetUnassign\n  - PermSetLicenseUnassign\n  - registeredUserPhoneNumber\n  - resetpassword\n  - suNetworkAdminLogin\n  - suNetworkAdminLogout\n  - suOrgAdminLogin\n  - suOrgAdminLogout\n  - unfrozeuser\n  - useremailchangesent\n- Mobile Administration\n  - assigneduserstomobileconfig\n- Reporting Snapshots\n  - createdReportJob\n  - deletedReportJob\n- Sandboxes\n  - DeleteSandbox\n\nBy default, deployment user defined in .sfdx-hardis.yml targetUsername property will be excluded.\n\nYou can define additional users to exclude in .sfdx-hardis.yml **monitoringExcludeUsernames** property.\n\nYou can also add more sections / actions considered as not suspect using property **monitoringAllowedSectionsActions**\n\nExample:\n\n```yaml\nmonitoringExcludeUsernames:\n  - deploymentuser@cloudity.com\n  - marketingcloud@cloudity.com\n  - integration-user@cloudity.com\n\nmonitoringAllowedSectionsActions:\n  \"Some section\": [] // Will ignore all actions from such section\n  \"Some other section\": [\"actionType1\",\"actionType2\",\"actionType3\"] // Will ignore only those 3 actions from section \"Some other section\". Other actions in the same section will be considered as suspect.\n```\n\n## Excel output example\n\n![](https://github.com/hardisgroupcom/sfdx-hardis/raw/main/docs/assets/images/screenshot-monitoring-audittrail-excel.jpg)\n\n## Local output example\n\n![](https://github.com/hardisgroupcom/sfdx-hardis/raw/main/docs/assets/images/screenshot-monitoring-audittrail-local.jpg)\n\nThis command is part of [sfdx-hardis Monitoring](https://sfdx-hardis.cloudity.com/salesforce-monitoring-suspect-audit-trail/) and can output Grafana, Slack and MsTeams Notifications.\n",
-      "examples": [
-        "$ sf hardis:org:diagnose:audittrail",
-        "$ sf hardis:org:diagnose:audittrail --excludeusers baptiste@titi.com",
-        "$ sf hardis:org:diagnose:audittrail --excludeusers baptiste@titi.com,bertrand@titi.com",
-        "$ sf hardis:org:diagnose:audittrail --lastndays 5"
-      ],
-      "flags": {
-        "json": {
-          "description": "Format output as json.",
-          "helpGroup": "GLOBAL",
-          "name": "json",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "flags-dir": {
-          "helpGroup": "GLOBAL",
-          "name": "flags-dir",
-          "summary": "Import flag values from a directory.",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "excludeusers": {
-          "char": "e",
-          "description": "Comma-separated list of usernames to exclude",
-          "name": "excludeusers",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "lastndays": {
-          "char": "t",
-          "description": "Number of days to extract from today (included)",
-          "name": "lastndays",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "outputfile": {
-          "char": "f",
-          "description": "Force the path and name of output report file. Must end with .csv",
-          "name": "outputfile",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "debug": {
-          "char": "d",
-          "description": "Activate debug mode (more logs)",
-          "name": "debug",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "websocket": {
-          "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
-          "name": "websocket",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "skipauth": {
-          "description": "Skip authentication check when a default username is required",
-          "name": "skipauth",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "target-org": {
-          "aliases": [
-            "targetusername",
-            "u"
-          ],
-          "char": "o",
-          "deprecateAliases": true,
-          "name": "target-org",
-          "noCacheDefault": true,
-          "required": true,
-          "summary": "Username or alias of the target org. Not required if the `target-org` configuration variable is already set.",
-          "hasDynamicHelp": true,
-          "multiple": false,
-          "type": "option"
-        }
-      },
-      "hasDynamicHelp": true,
-      "hiddenAliases": [],
-      "id": "hardis:org:diagnose:audittrail",
-      "pluginAlias": "sfdx-hardis",
-      "pluginName": "sfdx-hardis",
-      "pluginType": "core",
-      "strict": true,
-      "enableJsonFlag": true,
-      "title": "Diagnose content of Setup Audit Trail",
-      "requiresProject": false,
-      "isESM": true,
-      "relativePath": [
-        "lib",
-        "commands",
-        "hardis",
-        "org",
-        "diagnose",
-        "audittrail.js"
-      ],
-      "aliasPermutations": [],
-      "permutations": [
-        "hardis:org:diagnose:audittrail",
-        "org:hardis:diagnose:audittrail",
-        "org:diagnose:hardis:audittrail",
-        "org:diagnose:audittrail:hardis",
-        "hardis:diagnose:org:audittrail",
-        "diagnose:hardis:org:audittrail",
-        "diagnose:org:hardis:audittrail",
-        "diagnose:org:audittrail:hardis",
-        "hardis:diagnose:audittrail:org",
-        "diagnose:hardis:audittrail:org",
-        "diagnose:audittrail:hardis:org",
-        "diagnose:audittrail:org:hardis",
-        "hardis:org:audittrail:diagnose",
-        "org:hardis:audittrail:diagnose",
-        "org:audittrail:hardis:diagnose",
-        "org:audittrail:diagnose:hardis",
-        "hardis:audittrail:org:diagnose",
-        "audittrail:hardis:org:diagnose",
-        "audittrail:org:hardis:diagnose",
-        "audittrail:org:diagnose:hardis",
-        "hardis:audittrail:diagnose:org",
-        "audittrail:hardis:diagnose:org",
-        "audittrail:diagnose:hardis:org",
-        "audittrail:diagnose:org:hardis"
-      ]
-    },
-    "hardis:org:diagnose:instanceupgrade": {
-      "aliases": [],
-      "args": {},
-      "description": "\n## Command Behavior\n\n**Retrieves and displays the scheduled upgrade date for a Salesforce org's instance.**\n\nThis command provides crucial information about when your Salesforce instance will be upgraded to the next major release (Spring, Summer, or Winter). This is vital for release planning, testing, and ensuring compatibility with upcoming Salesforce features.\n\nKey functionalities:\n\n- **Instance Identification:** Determines the Salesforce instance name of your target org.\n- **Upgrade Date Retrieval:** Fetches the planned start time of the next major core service upgrade for that instance from the Salesforce Status API.\n- **Days Until Upgrade:** Calculates and displays the number of days remaining until the next major upgrade.\n- **Severity-Based Logging:** Adjusts the log severity (info, warning) based on the proximity of the upgrade date, providing a visual cue for urgency.\n- **Notifications:** Sends notifications to configured channels (e.g., Slack, MS Teams, Grafana) with the upgrade information, making it suitable for automated monitoring.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's technical implementation involves:\n\n- **Salesforce SOQL Query:** It first queries the `Organization` object in Salesforce to get the `InstanceName` of the target org.\n- **Salesforce Status API Integration:** It makes an HTTP GET request to the Salesforce Status API (`https://api.status.salesforce.com/v1/instances/{instanceName}/status`) to retrieve detailed information about the instance, including scheduled maintenances.\n- **Data Parsing:** It parses the JSON response from the Status API to extract the relevant major release upgrade information.\n- **Date Calculation:** Uses the `moment` library to calculate the difference in days between the current date and the planned upgrade date.\n- **Notification Integration:** It integrates with the `NotifProvider` to send notifications, including the instance name, upgrade date, and days remaining, along with relevant metrics for monitoring dashboards.\n- **User Feedback:** Provides clear messages to the user about the upgrade status and proximity.\n</details>\n",
-      "examples": [
-        "$ sf hardis:org:diagnose:instanceupgrade"
-      ],
-      "flags": {
-        "json": {
-          "description": "Format output as json.",
-          "helpGroup": "GLOBAL",
-          "name": "json",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "flags-dir": {
-          "helpGroup": "GLOBAL",
-          "name": "flags-dir",
-          "summary": "Import flag values from a directory.",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "debug": {
-          "char": "d",
-          "description": "Activate debug mode (more logs)",
-          "name": "debug",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "websocket": {
-          "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
-          "name": "websocket",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "skipauth": {
-          "description": "Skip authentication check when a default username is required",
-          "name": "skipauth",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "target-org": {
-          "aliases": [
-            "targetusername",
-            "u"
-          ],
-          "char": "o",
-          "deprecateAliases": true,
-          "name": "target-org",
-          "noCacheDefault": true,
-          "required": true,
-          "summary": "Username or alias of the target org. Not required if the `target-org` configuration variable is already set.",
-          "hasDynamicHelp": true,
-          "multiple": false,
-          "type": "option"
-        }
-      },
-      "hasDynamicHelp": true,
-      "hiddenAliases": [],
-      "id": "hardis:org:diagnose:instanceupgrade",
-      "pluginAlias": "sfdx-hardis",
-      "pluginName": "sfdx-hardis",
-      "pluginType": "core",
-      "strict": true,
-      "enableJsonFlag": true,
-      "title": "Get Instance Upgrade date",
-      "requiresProject": false,
-      "isESM": true,
-      "relativePath": [
-        "lib",
-        "commands",
-        "hardis",
-        "org",
-        "diagnose",
-        "instanceupgrade.js"
+        "diagnose",
+        "instanceupgrade.js"
       ],
       "aliasPermutations": [],
       "permutations": [
@@ -7206,13 +6937,12 @@
         "unusedusers:diagnose:org:hardis"
       ]
     },
-    "hardis:org:fix:listviewmine": {
+    "hardis:org:files:export": {
       "aliases": [],
       "args": {},
-      "description": "Fix listviews whose scope Mine has been replaced by Everything\n\n[![Invalid scope:Mine, not allowed ? Deploy your ListViews anyway !](https://github.com/hardisgroupcom/sfdx-hardis/raw/main/docs/assets/images/article-invalid-scope-mine.jpg)](https://nicolas.vuillamy.fr/invalid-scope-mine-not-allowed-deploy-your-listviews-anyway-443aceca8ac7)\n\nList of ListViews can be:\n\n- read from .sfdx-hardis.yml file in property **listViewsToSetToMine**\n- sent in argument listviews\n\nNote: property **listViewsToSetToMine** can be auto-generated by command hardis:work:save if .sfdx-hardis.yml contains the following configuration\n\n```yaml\nautoCleanTypes:\n  - listViewsMine\n```\n\n- Example of sfdx-hardis.yml property `listViewsToSetToMine`:\n\n```yaml\nlistViewsToSetToMine:\n  - \"force-app/main/default/objects/Operation__c/listViews/MyCurrentOperations.listView-meta.xml\"\n  - \"force-app/main/default/objects/Operation__c/listViews/MyFinalizedOperations.listView-meta.xml\"\n  - \"force-app/main/default/objects/Opportunity/listViews/Default_Opportunity_Pipeline.listView-meta.xml\"\n  - \"force-app/main/default/objects/Opportunity/listViews/MyCurrentSubscriptions.listView-meta.xml\"\n  - \"force-app/main/default/objects/Opportunity/listViews/MySubscriptions.listView-meta.xml\"\n  - \"force-app/main/default/objects/Account/listViews/MyActivePartners.listView-meta.xml\"\n```\n\n- If manually written, this could also be:\n\n```yaml\nlistViewsToSetToMine:\n  - \"Operation__c:MyCurrentOperations\"\n  - \"Operation__c:MyFinalizedOperations\"\n  - \"Opportunity:Default_Opportunity_Pipeline\"\n  - \"Opportunity:MyCurrentSubscriptions\"\n  - \"Opportunity:MySubscriptions\"\n  - \"Account:MyActivePartners\"\n```\n\nTroubleshooting: if you need to run this command from an alpine-linux based docker image, use this workaround in your dockerfile:\n\n```dockerfile\n# Do not use puppeteer embedded chromium\nRUN apk add --update --no-cache chromium\nENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=\"true\"\nENV CHROMIUM_PATH=\"/usr/bin/chromium-browser\"\nENV PUPPETEER_EXECUTABLE_PATH=\"$\\{CHROMIUM_PATH}\" // remove \\ before {\n```\n",
+      "description": "\n## Command Behavior\n\n**Exports file attachments (ContentVersion, Attachment) from a Salesforce org based on a predefined configuration.**\n\nThis command enables the mass download of files associated with Salesforce records, providing a robust solution for backing up files, migrating them to other systems, or integrating them with external document management solutions.\n\nKey functionalities:\n\n- **Configuration-Driven Export:** Relies on an `export.json` file within a designated file export project to define the export criteria, including the SOQL query for parent records, file types to export, output naming conventions, and file size filtering.\n- **File Size Filtering:** Supports minimum file size filtering via the `fileSizeMin` configuration parameter (in KB). Files smaller than the specified size will be skipped during export.\n- **File Validation:** After downloading each file, validates the integrity by:\n  - **Checksum Validation:** For ContentVersion files, compares MD5 checksum with Salesforce's stored checksum\n  - **Size Validation:** For both ContentVersion and Attachment files, verifies actual file size matches expected size\n  - **Status Tracking:** Files are categorized with specific statuses: `success` (valid files), `failed` (download errors), `skipped` (filtered files), `invalid` (downloaded but failed validation)\n  - All validation results are logged in the CSV export log for audit purposes\n- **Resume/Restart Capability:** \n  - **Resume Mode:** When `--resume` flag is used (default in CI environments), checks existing downloaded files for validity. Valid files are skipped, invalid files are re-downloaded.\n  - **Restart Mode:** When resume is disabled, clears the output folder and starts a fresh export.\n  - **Interactive Mode:** When existing files are found and `--resume` is not explicitly specified (non-CI environments), prompts the user to choose between resume or restart.\n- **Interactive Project Selection:** If the file export project path is not provided via the `--path` flag, it interactively prompts the user to select one.\n- **Configurable Export Options:** Allows overriding default export settings such as `chunksize` (number of records processed in a batch), `polltimeout` (timeout for Bulk API calls), and `startchunknumber` (to resume a failed export).\n- **Support for ContentVersion and Attachment:** Handles both modern Salesforce Files (ContentVersion) and older Attachments.\n\nSee this article for a practical example:\n\n[![How to mass download notes and attachments files from a Salesforce org](https://github.com/hardisgroupcom/sfdx-hardis/raw/main/docs/assets/images/article-mass-download.jpg)](https://nicolas.vuillamy.fr/how-to-mass-download-notes-and-attachments-files-from-a-salesforce-org-83a028824afd)\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's technical implementation involves:\n\n- **FilesExporter Class:** The core logic is encapsulated within the `FilesExporter` class, which orchestrates the entire export process.\n- **SOQL Queries (Bulk API):** It uses Salesforce Bulk API queries to efficiently retrieve large volumes of parent record IDs and file metadata, including checksums and file sizes.\n- **File Download:** Downloads the actual file content from Salesforce.\n- **File Validation:** After each successful download, validates file integrity by comparing checksums (ContentVersion) and file sizes (both ContentVersion and Attachment) against Salesforce metadata.\n- **Resume Logic:** In resume mode, checks for existing files before downloading, validates their integrity, and only re-downloads invalid or missing files. This enables efficient recovery from interrupted exports.\n- **File System Operations:** Writes the downloaded files to the local file system, organizing them into folders based on the configured naming conventions.\n- **Configuration Loading:** Reads the `export.json` file to get the export configuration. It also allows for interactive overriding of these settings.\n- **Interactive Prompts:** Uses `selectFilesWorkspace` to allow the user to choose a file export project, `promptFilesExportConfiguration` for customizing export options, and prompts for resume/restart choice when existing files are found.\n- **Error Handling:** Includes mechanisms to handle potential errors during the export process, such as network issues, API limits, and file validation failures. Each file is assigned a specific status (`success`, `failed`, `skipped`, `invalid`) for comprehensive tracking and troubleshooting.\n</details>\n",
       "examples": [
-        "$ sf hardis:org:fix:listviewmine",
-        "$ sf hardis:org:fix:listviewmine --listviews Opportunity:MySubscriptions,Account:MyActivePartners"
+        "$ sf hardis:org:files:export"
       ],
       "flags": {
         "json": {
@@ -7230,20 +6960,290 @@
           "multiple": false,
           "type": "option"
         },
-        "listviews": {
-          "char": "l",
-          "description": "Comma-separated list of listviews following format Object:ListViewName\nExample: Contact:MyContacts,Contact:MyActiveContacts,Opportunity:MYClosedOpportunities",
-          "name": "listviews",
+        "path": {
+          "char": "p",
+          "description": "Path to the file export project",
+          "name": "path",
           "hasDynamicHelp": false,
           "multiple": false,
           "type": "option"
         },
-        "debug": {
-          "char": "d",
-          "description": "Activate debug mode (more logs)",
-          "name": "debug",
-          "allowNo": false,
-          "type": "boolean"
+        "chunksize": {
+          "char": "c",
+          "description": "Number of records to add in a chunk before it is processed",
+          "name": "chunksize",
+          "default": 1000,
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "polltimeout": {
+          "char": "t",
+          "description": "Timeout in MS for Bulk API calls",
+          "name": "polltimeout",
+          "default": 300000,
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "startchunknumber": {
+          "char": "s",
+          "description": "Chunk number to start from",
+          "name": "startchunknumber",
+          "default": 0,
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "resume": {
+          "char": "r",
+          "description": "Resume previous export by checking existing files (default in CI)",
+          "name": "resume",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "debug": {
+          "char": "d",
+          "description": "Activate debug mode (more logs)",
+          "name": "debug",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "websocket": {
+          "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
+          "name": "websocket",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "skipauth": {
+          "description": "Skip authentication check when a default username is required",
+          "name": "skipauth",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "target-org": {
+          "aliases": [
+            "targetusername",
+            "u"
+          ],
+          "char": "o",
+          "deprecateAliases": true,
+          "name": "target-org",
+          "noCacheDefault": true,
+          "required": true,
+          "summary": "Username or alias of the target org. Not required if the `target-org` configuration variable is already set.",
+          "hasDynamicHelp": true,
+          "multiple": false,
+          "type": "option"
+        }
+      },
+      "hasDynamicHelp": true,
+      "hiddenAliases": [],
+      "id": "hardis:org:files:export",
+      "pluginAlias": "sfdx-hardis",
+      "pluginName": "sfdx-hardis",
+      "pluginType": "core",
+      "strict": true,
+      "enableJsonFlag": true,
+      "title": "Export files",
+      "requiresProject": false,
+      "isESM": true,
+      "relativePath": [
+        "lib",
+        "commands",
+        "hardis",
+        "org",
+        "files",
+        "export.js"
+      ],
+      "aliasPermutations": [],
+      "permutations": [
+        "hardis:org:files:export",
+        "org:hardis:files:export",
+        "org:files:hardis:export",
+        "org:files:export:hardis",
+        "hardis:files:org:export",
+        "files:hardis:org:export",
+        "files:org:hardis:export",
+        "files:org:export:hardis",
+        "hardis:files:export:org",
+        "files:hardis:export:org",
+        "files:export:hardis:org",
+        "files:export:org:hardis",
+        "hardis:org:export:files",
+        "org:hardis:export:files",
+        "org:export:hardis:files",
+        "org:export:files:hardis",
+        "hardis:export:org:files",
+        "export:hardis:org:files",
+        "export:org:hardis:files",
+        "export:org:files:hardis",
+        "hardis:export:files:org",
+        "export:hardis:files:org",
+        "export:files:hardis:org",
+        "export:files:org:hardis"
+      ]
+    },
+    "hardis:org:files:import": {
+      "aliases": [],
+      "args": {},
+      "description": "\nThis command facilitates the mass upload of files into Salesforce, allowing you to populate records with associated documents, images, or other file types. It's a crucial tool for data migration, content seeding, or synchronizing external file repositories with Salesforce.\n\nKey functionalities:\n\n- **Configuration-Driven Import:** Relies on an `export.json` file within a designated file export project (created using `sf hardis:org:configure:files`) to determine which files to import and how they should be associated with Salesforce records.\n- **Interactive Project Selection:** If the file import project path is not provided via the `--path` flag, it interactively prompts the user to select one.\n- **Overwrite Option:** The `--overwrite` flag allows you to replace existing files in Salesforce with local versions that have the same name. Be aware that this option doubles the number of API calls used.\n- **Support for ContentVersion and Attachment:** Handles both modern Salesforce Files (ContentVersion) and older Attachments.\n\nSee this article for how to export files, which is often a prerequisite for importing:\n\n[![How to mass download notes and attachments files from a Salesforce org](https://github.com/hardisgroupcom/sfdx-hardis/raw/main/docs/assets/images/article-mass-download.jpg)](https://nicolas.vuillamy.fr/how-to-mass-download-notes-and-attachments-files-from-a-salesforce-org-83a028824afd)\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's technical implementation involves:\n\n- **FilesImporter Class:** The core logic is encapsulated within the `FilesImporter` class, which orchestrates the entire import process.\n- **File System Scan:** Scans the local file system within the configured project directory to identify files for import.\n- **Salesforce API Interaction:** Uses Salesforce APIs (e.g., ContentVersion, Attachment) to upload files and associate them with records.\n- **Configuration Loading:** Reads the `export.json` file to get the import configuration, including SOQL queries to identify parent records for file association.\n- **Interactive Prompts:** Uses `selectFilesWorkspace` to allow the user to choose a file import project and `prompts` for confirming the overwrite behavior.\n- **Error Handling:** Includes mechanisms to handle potential errors during the import process, such as API limits or file upload failures.\n</details>\n",
+      "examples": [
+        "$ sf hardis:org:files:import"
+      ],
+      "flags": {
+        "json": {
+          "description": "Format output as json.",
+          "helpGroup": "GLOBAL",
+          "name": "json",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "flags-dir": {
+          "helpGroup": "GLOBAL",
+          "name": "flags-dir",
+          "summary": "Import flag values from a directory.",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "path": {
+          "char": "p",
+          "description": "Path to the file export project",
+          "name": "path",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "overwrite": {
+          "char": "f",
+          "description": "Override existing files (doubles the number of API calls)",
+          "name": "overwrite",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "debug": {
+          "char": "d",
+          "description": "Activate debug mode (more logs)",
+          "name": "debug",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "websocket": {
+          "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
+          "name": "websocket",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "skipauth": {
+          "description": "Skip authentication check when a default username is required",
+          "name": "skipauth",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "target-org": {
+          "aliases": [
+            "targetusername",
+            "u"
+          ],
+          "char": "o",
+          "deprecateAliases": true,
+          "name": "target-org",
+          "noCacheDefault": true,
+          "required": true,
+          "summary": "Username or alias of the target org. Not required if the `target-org` configuration variable is already set.",
+          "hasDynamicHelp": true,
+          "multiple": false,
+          "type": "option"
+        }
+      },
+      "hasDynamicHelp": true,
+      "hiddenAliases": [],
+      "id": "hardis:org:files:import",
+      "pluginAlias": "sfdx-hardis",
+      "pluginName": "sfdx-hardis",
+      "pluginType": "core",
+      "strict": true,
+      "enableJsonFlag": true,
+      "title": "Import files",
+      "requiresProject": false,
+      "isESM": true,
+      "relativePath": [
+        "lib",
+        "commands",
+        "hardis",
+        "org",
+        "files",
+        "import.js"
+      ],
+      "aliasPermutations": [],
+      "permutations": [
+        "hardis:org:files:import",
+        "org:hardis:files:import",
+        "org:files:hardis:import",
+        "org:files:import:hardis",
+        "hardis:files:org:import",
+        "files:hardis:org:import",
+        "files:org:hardis:import",
+        "files:org:import:hardis",
+        "hardis:files:import:org",
+        "files:hardis:import:org",
+        "files:import:hardis:org",
+        "files:import:org:hardis",
+        "hardis:org:import:files",
+        "org:hardis:import:files",
+        "org:import:hardis:files",
+        "org:import:files:hardis",
+        "hardis:import:org:files",
+        "import:hardis:org:files",
+        "import:org:hardis:files",
+        "import:org:files:hardis",
+        "hardis:import:files:org",
+        "import:hardis:files:org",
+        "import:files:hardis:org",
+        "import:files:org:hardis"
+      ]
+    },
+    "hardis:org:fix:listviewmine": {
+      "aliases": [],
+      "args": {},
+      "description": "Fix listviews whose scope Mine has been replaced by Everything\n\n[![Invalid scope:Mine, not allowed ? Deploy your ListViews anyway !](https://github.com/hardisgroupcom/sfdx-hardis/raw/main/docs/assets/images/article-invalid-scope-mine.jpg)](https://nicolas.vuillamy.fr/invalid-scope-mine-not-allowed-deploy-your-listviews-anyway-443aceca8ac7)\n\nList of ListViews can be:\n\n- read from .sfdx-hardis.yml file in property **listViewsToSetToMine**\n- sent in argument listviews\n\nNote: property **listViewsToSetToMine** can be auto-generated by command hardis:work:save if .sfdx-hardis.yml contains the following configuration\n\n```yaml\nautoCleanTypes:\n  - listViewsMine\n```\n\n- Example of sfdx-hardis.yml property `listViewsToSetToMine`:\n\n```yaml\nlistViewsToSetToMine:\n  - \"force-app/main/default/objects/Operation__c/listViews/MyCurrentOperations.listView-meta.xml\"\n  - \"force-app/main/default/objects/Operation__c/listViews/MyFinalizedOperations.listView-meta.xml\"\n  - \"force-app/main/default/objects/Opportunity/listViews/Default_Opportunity_Pipeline.listView-meta.xml\"\n  - \"force-app/main/default/objects/Opportunity/listViews/MyCurrentSubscriptions.listView-meta.xml\"\n  - \"force-app/main/default/objects/Opportunity/listViews/MySubscriptions.listView-meta.xml\"\n  - \"force-app/main/default/objects/Account/listViews/MyActivePartners.listView-meta.xml\"\n```\n\n- If manually written, this could also be:\n\n```yaml\nlistViewsToSetToMine:\n  - \"Operation__c:MyCurrentOperations\"\n  - \"Operation__c:MyFinalizedOperations\"\n  - \"Opportunity:Default_Opportunity_Pipeline\"\n  - \"Opportunity:MyCurrentSubscriptions\"\n  - \"Opportunity:MySubscriptions\"\n  - \"Account:MyActivePartners\"\n```\n\nTroubleshooting: if you need to run this command from an alpine-linux based docker image, use this workaround in your dockerfile:\n\n```dockerfile\n# Do not use puppeteer embedded chromium\nRUN apk add --update --no-cache chromium\nENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=\"true\"\nENV CHROMIUM_PATH=\"/usr/bin/chromium-browser\"\nENV PUPPETEER_EXECUTABLE_PATH=\"$\\{CHROMIUM_PATH}\" // remove \\ before {\n```\n",
+      "examples": [
+        "$ sf hardis:org:fix:listviewmine",
+        "$ sf hardis:org:fix:listviewmine --listviews Opportunity:MySubscriptions,Account:MyActivePartners"
+      ],
+      "flags": {
+        "json": {
+          "description": "Format output as json.",
+          "helpGroup": "GLOBAL",
+          "name": "json",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "flags-dir": {
+          "helpGroup": "GLOBAL",
+          "name": "flags-dir",
+          "summary": "Import flag values from a directory.",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "listviews": {
+          "char": "l",
+          "description": "Comma-separated list of listviews following format Object:ListViewName\nExample: Contact:MyContacts,Contact:MyActiveContacts,Opportunity:MYClosedOpportunities",
+          "name": "listviews",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "debug": {
+          "char": "d",
+          "description": "Activate debug mode (more logs)",
+          "name": "debug",
+          "allowNo": false,
+          "type": "boolean"
         },
         "websocket": {
           "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
@@ -7905,262 +7905,23 @@
         "hardis:monitor:org:limits",
         "monitor:hardis:org:limits",
         "monitor:org:hardis:limits",
-        "monitor:org:limits:hardis",
-        "hardis:monitor:limits:org",
-        "monitor:hardis:limits:org",
-        "monitor:limits:hardis:org",
-        "monitor:limits:org:hardis",
-        "hardis:org:limits:monitor",
-        "org:hardis:limits:monitor",
-        "org:limits:hardis:monitor",
-        "org:limits:monitor:hardis",
-        "hardis:limits:org:monitor",
-        "limits:hardis:org:monitor",
-        "limits:org:hardis:monitor",
-        "limits:org:monitor:hardis",
-        "hardis:limits:monitor:org",
-        "limits:hardis:monitor:org",
-        "limits:monitor:hardis:org",
-        "limits:monitor:org:hardis"
-      ]
-    },
-    "hardis:org:refresh:after-refresh": {
-      "aliases": [],
-      "args": {},
-      "description": "\n## Command Behavior\n\n**Restores all previously backed-up Connected Apps (including Consumer Secrets), certificates, custom settings, records and other metadata to a Salesforce org after a sandbox refresh.**\n\nThis command is the second step in the sandbox refresh process. It scans the backup folder created before the refresh, allows interactive or flag-driven selection of items to restore, and automates cleanup and redeployment to the refreshed org while preserving credentials and configuration.\n\nKey functionalities:\n\n- **Choose a backup to restore:** Lets you pick the saved sandbox project that contains the artifacts to restore.\n- **Select which items to restore:** Finds Connected App XMLs, certificates, custom settings and other artifacts and lets you pick what to restore (or restore all).\n- **Safety checks and validation:** Confirms files exist and prompts before making changes to the target org.\n- **Prepare org for restore:** Optionally cleans up existing Connected Apps so saved apps can be re-deployed without conflict.\n- **Redeploy saved artifacts:** Restores Connected Apps (with saved secrets), certificates, SAML SSO configs, custom settings and other metadata.\n- **Handle SAML configs:** Cleans and updates SAML XML files and helps you choose certificates to wire into restored configs.\n- **Restore records:** Optionally runs data import from selected SFDMU workspaces to restore record data.\n- **Reporting & persistence:** Sends restore reports and can update project config to record what was restored.\n\nThis command is part of [sfdx-hardis Sandbox Refresh](https://sfdx-hardis.cloudity.com/salesforce-sandbox-refresh/) and is intended to be run after a sandbox refresh to re-apply saved metadata, credentials and data.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\n- **Backup Folder Handling:** Reads the immediate subfolders of `scripts/sandbox-refresh/` and validates the chosen project contains the expected `manifest/` and `force-app` layout.\n- **Metadata & Deployment APIs:** Uses `sf project deploy start --manifest` for package-based deploys, `sf project deploy start --metadata-dir` for MDAPI artifacts (certificates), and utility functions for Connected App deployment that preserve consumer secrets.\n- **SAML Handling:** Queries active certificates via tooling API, updates SAML XML files, and deploys using `sf project deploy start -m SamlSsoConfig`.\n- **Records Handling:** Uses interactive selection of SFDMU workspaces and runs data import utilities to restore records.\n- **Error Handling & Summary:** Aggregates results, logs success/warnings/errors, and returns a structured result indicating which items were restored and any failures.\n\n</details>\n",
-      "examples": [
-        "$ sf hardis:org:refresh:after-refresh",
-        "$ sf hardis:org:refresh:after-refresh --name \"MyConnectedApp\" // Process specific app, no selection prompt",
-        "$ sf hardis:org:refresh:after-refresh --name \"App1,App2,App3\" // Process multiple apps, no selection prompt",
-        "$ sf hardis:org:refresh:after-refresh --all // Process all apps, no selection prompt",
-        "$ sf hardis:org:refresh:after-refresh --target-org myDevOrg"
-      ],
-      "flags": {
-        "json": {
-          "description": "Format output as json.",
-          "helpGroup": "GLOBAL",
-          "name": "json",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "flags-dir": {
-          "helpGroup": "GLOBAL",
-          "name": "flags-dir",
-          "summary": "Import flag values from a directory.",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "target-org": {
-          "char": "o",
-          "name": "target-org",
-          "noCacheDefault": true,
-          "required": true,
-          "summary": "Username or alias of the target org. Not required if the `target-org` configuration variable is already set.",
-          "hasDynamicHelp": true,
-          "multiple": false,
-          "type": "option"
-        },
-        "name": {
-          "char": "n",
-          "description": "Connected App name(s) to process (bypasses selection prompt). For multiple apps, separate with commas (e.g., \"App1,App2\")",
-          "name": "name",
-          "summary": "Filter according to Name criteria",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "all": {
-          "char": "a",
-          "description": "If set, all Connected Apps from the local repository will be processed. Takes precedence over --name if both are specified.",
-          "name": "all",
-          "summary": "Process all Connected Apps without selection prompt",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "websocket": {
-          "description": "WebSocket host:port for VS Code SFDX Hardis UI integration",
-          "name": "websocket",
-          "summary": "Websocket host:port for VsCode SFDX Hardis UI integration",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "skipauth": {
-          "description": "Skip authentication check when a default username is required",
-          "name": "skipauth",
-          "summary": "Skip authentication check when a default username is required",
-          "allowNo": false,
-          "type": "boolean"
-        }
-      },
-      "hasDynamicHelp": true,
-      "hiddenAliases": [],
-      "id": "hardis:org:refresh:after-refresh",
-      "pluginAlias": "sfdx-hardis",
-      "pluginName": "sfdx-hardis",
-      "pluginType": "core",
-      "strict": true,
-      "enableJsonFlag": true,
-      "title": "Restore Connected Apps after org refresh",
-      "requiresProject": true,
-      "isESM": true,
-      "relativePath": [
-        "lib",
-        "commands",
-        "hardis",
-        "org",
-        "refresh",
-        "after-refresh.js"
-      ],
-      "aliasPermutations": [],
-      "permutations": [
-        "hardis:org:refresh:after-refresh",
-        "org:hardis:refresh:after-refresh",
-        "org:refresh:hardis:after-refresh",
-        "org:refresh:after-refresh:hardis",
-        "hardis:refresh:org:after-refresh",
-        "refresh:hardis:org:after-refresh",
-        "refresh:org:hardis:after-refresh",
-        "refresh:org:after-refresh:hardis",
-        "hardis:refresh:after-refresh:org",
-        "refresh:hardis:after-refresh:org",
-        "refresh:after-refresh:hardis:org",
-        "refresh:after-refresh:org:hardis",
-        "hardis:org:after-refresh:refresh",
-        "org:hardis:after-refresh:refresh",
-        "org:after-refresh:hardis:refresh",
-        "org:after-refresh:refresh:hardis",
-        "hardis:after-refresh:org:refresh",
-        "after-refresh:hardis:org:refresh",
-        "after-refresh:org:hardis:refresh",
-        "after-refresh:org:refresh:hardis",
-        "hardis:after-refresh:refresh:org",
-        "after-refresh:hardis:refresh:org",
-        "after-refresh:refresh:hardis:org",
-        "after-refresh:refresh:org:hardis"
-      ]
-    },
-    "hardis:org:refresh:before-refresh": {
-      "aliases": [],
-      "args": {},
-      "description": "\n## Command Behavior\n\n**Backs up all Connected Apps (including Consumer Secrets), certificates, custom settings, records and other metadata from a Salesforce org before a sandbox refresh, enabling full restoration after the refresh.**\n\nThis command prepares a complete backup prior to a sandbox refresh. It creates a dedicated project under `scripts/sandbox-refresh/<sandbox-folder>`, retrieves metadata and data, attempts to capture Connected App consumer secrets, and can optionally delete the apps so they can be reuploaded after the refresh.\n\nKey functionalities:\n\n- **Create a save project:** Generates a dedicated project folder to store all artifacts for the sandbox backup.\n- **Find and select Connected Apps:** Lists Connected Apps in the org and lets you pick specific apps, use a name filter, or process all apps.\n- **Save metadata for restore:** Builds a manifest and retrieves the metadata types you choose so they can be restored after the refresh.\n- **Capture Consumer Secrets:** Attempts to capture Connected App consumer secrets automatically (opens a browser session when possible) and falls back to a short manual prompt when needed.\n- **Collect certificates:** Saves certificate files and their definitions so they can be redeployed later.\n- **Export custom settings & records:** Lets you pick custom settings to export as JSON and optionally export records using configured data workspaces.\n- **Persist choices & report:** Stores your backup choices in project config and sends report files for traceability.\n- **Optional cleanup:** Can delete backed-up Connected Apps from the org so they can be re-uploaded cleanly after the refresh.\n- **Interactive safety checks:** Prompts you to confirm package contents and other potentially destructive actions; sensible defaults are chosen where appropriate.\n\nThis command is part of [sfdx-hardis Sandbox Refresh](https://sfdx-hardis.cloudity.com/salesforce-sandbox-refresh/) and is intended to be run before a sandbox refresh so that all credentials, certificates, metadata and data can be restored afterwards.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\n- **Salesforce CLI Integration:** Uses `sf org list metadata`, `sf project retrieve start`, `sf project generate`, `sf project deploy start`, and `sf data tree export`/`import` where applicable.\n- **Metadata Handling:** Writes and reads package XML files under the generated project (`manifest/`), copies MDAPI certificate artifacts into `force-app/main/default/certs`, and produces `package-metadata-to-restore.xml` for post-refresh deployment.\n- **Consumer Secret Handling:** Uses `puppeteer-core` with an executable path from `getChromeExecutablePath()` (env var `PUPPETEER_EXECUTABLE_PATH` may be required). Falls back to manual prompt when browser automation cannot be used.\n- **Data & Records:** Exports custom settings to JSON and supports exporting records through SFDMU workspaces chosen interactively.\n- **Config & Reporting:** Updates project/user config under `config/.sfdx-hardis.yml#refreshSandboxConfig` and reports artifacts to the WebSocket client.\n- **Error Handling:** Provides clear error messages and a summary response object indicating success/failure and which secrets were captured.\n\n</details>\n",
-      "examples": [
-        "$ sf hardis:org:refresh:before-refresh",
-        "$ sf hardis:org:refresh:before-refresh --name \"MyConnectedApp\"",
-        "$ sf hardis:org:refresh:before-refresh --name \"App1,App2,App3\"",
-        "$ sf hardis:org:refresh:before-refresh --all",
-        "$ sf hardis:org:refresh:before-refresh --delete"
-      ],
-      "flags": {
-        "json": {
-          "description": "Format output as json.",
-          "helpGroup": "GLOBAL",
-          "name": "json",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "flags-dir": {
-          "helpGroup": "GLOBAL",
-          "name": "flags-dir",
-          "summary": "Import flag values from a directory.",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "target-org": {
-          "char": "o",
-          "name": "target-org",
-          "noCacheDefault": true,
-          "required": true,
-          "summary": "Username or alias of the target org. Not required if the `target-org` configuration variable is already set.",
-          "hasDynamicHelp": true,
-          "multiple": false,
-          "type": "option"
-        },
-        "delete": {
-          "char": "d",
-          "description": "By default, Connected Apps are not deleted from the org after saving. Set this flag to force their deletion so they will be able to be reuploaded again after refreshing the org.",
-          "name": "delete",
-          "summary": "Delete Connected Apps from org after saving",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "name": {
-          "char": "n",
-          "description": "Connected App name(s) to process. For multiple apps, separate with commas (e.g., \"App1,App2\")",
-          "name": "name",
-          "summary": "Filter according to Name criteria",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "all": {
-          "char": "a",
-          "description": "If set, all Connected Apps from the org will be processed. Takes precedence over --name if both are specified.",
-          "name": "all",
-          "summary": "Process all Connected Apps without selection prompt",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "websocket": {
-          "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
-          "name": "websocket",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "skipauth": {
-          "description": "Skip authentication check when a default username is required",
-          "name": "skipauth",
-          "allowNo": false,
-          "type": "boolean"
-        }
-      },
-      "hasDynamicHelp": true,
-      "hiddenAliases": [],
-      "id": "hardis:org:refresh:before-refresh",
-      "pluginAlias": "sfdx-hardis",
-      "pluginName": "sfdx-hardis",
-      "pluginType": "core",
-      "strict": true,
-      "enableJsonFlag": true,
-      "requiresProject": true,
-      "isESM": true,
-      "relativePath": [
-        "lib",
-        "commands",
-        "hardis",
-        "org",
-        "refresh",
-        "before-refresh.js"
-      ],
-      "aliasPermutations": [],
-      "permutations": [
-        "hardis:org:refresh:before-refresh",
-        "org:hardis:refresh:before-refresh",
-        "org:refresh:hardis:before-refresh",
-        "org:refresh:before-refresh:hardis",
-        "hardis:refresh:org:before-refresh",
-        "refresh:hardis:org:before-refresh",
-        "refresh:org:hardis:before-refresh",
-        "refresh:org:before-refresh:hardis",
-        "hardis:refresh:before-refresh:org",
-        "refresh:hardis:before-refresh:org",
-        "refresh:before-refresh:hardis:org",
-        "refresh:before-refresh:org:hardis",
-        "hardis:org:before-refresh:refresh",
-        "org:hardis:before-refresh:refresh",
-        "org:before-refresh:hardis:refresh",
-        "org:before-refresh:refresh:hardis",
-        "hardis:before-refresh:org:refresh",
-        "before-refresh:hardis:org:refresh",
-        "before-refresh:org:hardis:refresh",
-        "before-refresh:org:refresh:hardis",
-        "hardis:before-refresh:refresh:org",
-        "before-refresh:hardis:refresh:org",
-        "before-refresh:refresh:hardis:org",
-        "before-refresh:refresh:org:hardis"
+        "monitor:org:limits:hardis",
+        "hardis:monitor:limits:org",
+        "monitor:hardis:limits:org",
+        "monitor:limits:hardis:org",
+        "monitor:limits:org:hardis",
+        "hardis:org:limits:monitor",
+        "org:hardis:limits:monitor",
+        "org:limits:hardis:monitor",
+        "org:limits:monitor:hardis",
+        "hardis:limits:org:monitor",
+        "limits:hardis:org:monitor",
+        "limits:org:hardis:monitor",
+        "limits:org:monitor:hardis",
+        "hardis:limits:monitor:org",
+        "limits:hardis:monitor:org",
+        "limits:monitor:hardis:org",
+        "limits:monitor:org:hardis"
       ]
     },
     "hardis:org:purge:apexlog": {
@@ -8545,6 +8306,245 @@
         "profile:purge:org:hardis"
       ]
     },
+    "hardis:org:refresh:after-refresh": {
+      "aliases": [],
+      "args": {},
+      "description": "\n## Command Behavior\n\n**Restores all previously backed-up Connected Apps (including Consumer Secrets), certificates, custom settings, records and other metadata to a Salesforce org after a sandbox refresh.**\n\nThis command is the second step in the sandbox refresh process. It scans the backup folder created before the refresh, allows interactive or flag-driven selection of items to restore, and automates cleanup and redeployment to the refreshed org while preserving credentials and configuration.\n\nKey functionalities:\n\n- **Choose a backup to restore:** Lets you pick the saved sandbox project that contains the artifacts to restore.\n- **Select which items to restore:** Finds Connected App XMLs, certificates, custom settings and other artifacts and lets you pick what to restore (or restore all).\n- **Safety checks and validation:** Confirms files exist and prompts before making changes to the target org.\n- **Prepare org for restore:** Optionally cleans up existing Connected Apps so saved apps can be re-deployed without conflict.\n- **Redeploy saved artifacts:** Restores Connected Apps (with saved secrets), certificates, SAML SSO configs, custom settings and other metadata.\n- **Handle SAML configs:** Cleans and updates SAML XML files and helps you choose certificates to wire into restored configs.\n- **Restore records:** Optionally runs data import from selected SFDMU workspaces to restore record data.\n- **Reporting & persistence:** Sends restore reports and can update project config to record what was restored.\n\nThis command is part of [sfdx-hardis Sandbox Refresh](https://sfdx-hardis.cloudity.com/salesforce-sandbox-refresh/) and is intended to be run after a sandbox refresh to re-apply saved metadata, credentials and data.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\n- **Backup Folder Handling:** Reads the immediate subfolders of `scripts/sandbox-refresh/` and validates the chosen project contains the expected `manifest/` and `force-app` layout.\n- **Metadata & Deployment APIs:** Uses `sf project deploy start --manifest` for package-based deploys, `sf project deploy start --metadata-dir` for MDAPI artifacts (certificates), and utility functions for Connected App deployment that preserve consumer secrets.\n- **SAML Handling:** Queries active certificates via tooling API, updates SAML XML files, and deploys using `sf project deploy start -m SamlSsoConfig`.\n- **Records Handling:** Uses interactive selection of SFDMU workspaces and runs data import utilities to restore records.\n- **Error Handling & Summary:** Aggregates results, logs success/warnings/errors, and returns a structured result indicating which items were restored and any failures.\n\n</details>\n",
+      "examples": [
+        "$ sf hardis:org:refresh:after-refresh",
+        "$ sf hardis:org:refresh:after-refresh --name \"MyConnectedApp\" // Process specific app, no selection prompt",
+        "$ sf hardis:org:refresh:after-refresh --name \"App1,App2,App3\" // Process multiple apps, no selection prompt",
+        "$ sf hardis:org:refresh:after-refresh --all // Process all apps, no selection prompt",
+        "$ sf hardis:org:refresh:after-refresh --target-org myDevOrg"
+      ],
+      "flags": {
+        "json": {
+          "description": "Format output as json.",
+          "helpGroup": "GLOBAL",
+          "name": "json",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "flags-dir": {
+          "helpGroup": "GLOBAL",
+          "name": "flags-dir",
+          "summary": "Import flag values from a directory.",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "target-org": {
+          "char": "o",
+          "name": "target-org",
+          "noCacheDefault": true,
+          "required": true,
+          "summary": "Username or alias of the target org. Not required if the `target-org` configuration variable is already set.",
+          "hasDynamicHelp": true,
+          "multiple": false,
+          "type": "option"
+        },
+        "name": {
+          "char": "n",
+          "description": "Connected App name(s) to process (bypasses selection prompt). For multiple apps, separate with commas (e.g., \"App1,App2\")",
+          "name": "name",
+          "summary": "Filter according to Name criteria",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "all": {
+          "char": "a",
+          "description": "If set, all Connected Apps from the local repository will be processed. Takes precedence over --name if both are specified.",
+          "name": "all",
+          "summary": "Process all Connected Apps without selection prompt",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "websocket": {
+          "description": "WebSocket host:port for VS Code SFDX Hardis UI integration",
+          "name": "websocket",
+          "summary": "Websocket host:port for VsCode SFDX Hardis UI integration",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "skipauth": {
+          "description": "Skip authentication check when a default username is required",
+          "name": "skipauth",
+          "summary": "Skip authentication check when a default username is required",
+          "allowNo": false,
+          "type": "boolean"
+        }
+      },
+      "hasDynamicHelp": true,
+      "hiddenAliases": [],
+      "id": "hardis:org:refresh:after-refresh",
+      "pluginAlias": "sfdx-hardis",
+      "pluginName": "sfdx-hardis",
+      "pluginType": "core",
+      "strict": true,
+      "enableJsonFlag": true,
+      "title": "Restore Connected Apps after org refresh",
+      "requiresProject": true,
+      "isESM": true,
+      "relativePath": [
+        "lib",
+        "commands",
+        "hardis",
+        "org",
+        "refresh",
+        "after-refresh.js"
+      ],
+      "aliasPermutations": [],
+      "permutations": [
+        "hardis:org:refresh:after-refresh",
+        "org:hardis:refresh:after-refresh",
+        "org:refresh:hardis:after-refresh",
+        "org:refresh:after-refresh:hardis",
+        "hardis:refresh:org:after-refresh",
+        "refresh:hardis:org:after-refresh",
+        "refresh:org:hardis:after-refresh",
+        "refresh:org:after-refresh:hardis",
+        "hardis:refresh:after-refresh:org",
+        "refresh:hardis:after-refresh:org",
+        "refresh:after-refresh:hardis:org",
+        "refresh:after-refresh:org:hardis",
+        "hardis:org:after-refresh:refresh",
+        "org:hardis:after-refresh:refresh",
+        "org:after-refresh:hardis:refresh",
+        "org:after-refresh:refresh:hardis",
+        "hardis:after-refresh:org:refresh",
+        "after-refresh:hardis:org:refresh",
+        "after-refresh:org:hardis:refresh",
+        "after-refresh:org:refresh:hardis",
+        "hardis:after-refresh:refresh:org",
+        "after-refresh:hardis:refresh:org",
+        "after-refresh:refresh:hardis:org",
+        "after-refresh:refresh:org:hardis"
+      ]
+    },
+    "hardis:org:refresh:before-refresh": {
+      "aliases": [],
+      "args": {},
+      "description": "\n## Command Behavior\n\n**Backs up all Connected Apps (including Consumer Secrets), certificates, custom settings, records and other metadata from a Salesforce org before a sandbox refresh, enabling full restoration after the refresh.**\n\nThis command prepares a complete backup prior to a sandbox refresh. It creates a dedicated project under `scripts/sandbox-refresh/<sandbox-folder>`, retrieves metadata and data, attempts to capture Connected App consumer secrets, and can optionally delete the apps so they can be reuploaded after the refresh.\n\nKey functionalities:\n\n- **Create a save project:** Generates a dedicated project folder to store all artifacts for the sandbox backup.\n- **Find and select Connected Apps:** Lists Connected Apps in the org and lets you pick specific apps, use a name filter, or process all apps.\n- **Save metadata for restore:** Builds a manifest and retrieves the metadata types you choose so they can be restored after the refresh.\n- **Capture Consumer Secrets:** Attempts to capture Connected App consumer secrets automatically (opens a browser session when possible) and falls back to a short manual prompt when needed.\n- **Collect certificates:** Saves certificate files and their definitions so they can be redeployed later.\n- **Export custom settings & records:** Lets you pick custom settings to export as JSON and optionally export records using configured data workspaces.\n- **Persist choices & report:** Stores your backup choices in project config and sends report files for traceability.\n- **Optional cleanup:** Can delete backed-up Connected Apps from the org so they can be re-uploaded cleanly after the refresh.\n- **Interactive safety checks:** Prompts you to confirm package contents and other potentially destructive actions; sensible defaults are chosen where appropriate.\n\nThis command is part of [sfdx-hardis Sandbox Refresh](https://sfdx-hardis.cloudity.com/salesforce-sandbox-refresh/) and is intended to be run before a sandbox refresh so that all credentials, certificates, metadata and data can be restored afterwards.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\n- **Salesforce CLI Integration:** Uses `sf org list metadata`, `sf project retrieve start`, `sf project generate`, `sf project deploy start`, and `sf data tree export`/`import` where applicable.\n- **Metadata Handling:** Writes and reads package XML files under the generated project (`manifest/`), copies MDAPI certificate artifacts into `force-app/main/default/certs`, and produces `package-metadata-to-restore.xml` for post-refresh deployment.\n- **Consumer Secret Handling:** Uses `puppeteer-core` with an executable path from `getChromeExecutablePath()` (env var `PUPPETEER_EXECUTABLE_PATH` may be required). Falls back to manual prompt when browser automation cannot be used.\n- **Data & Records:** Exports custom settings to JSON and supports exporting records through SFDMU workspaces chosen interactively.\n- **Config & Reporting:** Updates project/user config under `config/.sfdx-hardis.yml#refreshSandboxConfig` and reports artifacts to the WebSocket client.\n- **Error Handling:** Provides clear error messages and a summary response object indicating success/failure and which secrets were captured.\n\n</details>\n",
+      "examples": [
+        "$ sf hardis:org:refresh:before-refresh",
+        "$ sf hardis:org:refresh:before-refresh --name \"MyConnectedApp\"",
+        "$ sf hardis:org:refresh:before-refresh --name \"App1,App2,App3\"",
+        "$ sf hardis:org:refresh:before-refresh --all",
+        "$ sf hardis:org:refresh:before-refresh --delete"
+      ],
+      "flags": {
+        "json": {
+          "description": "Format output as json.",
+          "helpGroup": "GLOBAL",
+          "name": "json",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "flags-dir": {
+          "helpGroup": "GLOBAL",
+          "name": "flags-dir",
+          "summary": "Import flag values from a directory.",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "target-org": {
+          "char": "o",
+          "name": "target-org",
+          "noCacheDefault": true,
+          "required": true,
+          "summary": "Username or alias of the target org. Not required if the `target-org` configuration variable is already set.",
+          "hasDynamicHelp": true,
+          "multiple": false,
+          "type": "option"
+        },
+        "delete": {
+          "char": "d",
+          "description": "By default, Connected Apps are not deleted from the org after saving. Set this flag to force their deletion so they will be able to be reuploaded again after refreshing the org.",
+          "name": "delete",
+          "summary": "Delete Connected Apps from org after saving",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "name": {
+          "char": "n",
+          "description": "Connected App name(s) to process. For multiple apps, separate with commas (e.g., \"App1,App2\")",
+          "name": "name",
+          "summary": "Filter according to Name criteria",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "all": {
+          "char": "a",
+          "description": "If set, all Connected Apps from the org will be processed. Takes precedence over --name if both are specified.",
+          "name": "all",
+          "summary": "Process all Connected Apps without selection prompt",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "websocket": {
+          "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
+          "name": "websocket",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "skipauth": {
+          "description": "Skip authentication check when a default username is required",
+          "name": "skipauth",
+          "allowNo": false,
+          "type": "boolean"
+        }
+      },
+      "hasDynamicHelp": true,
+      "hiddenAliases": [],
+      "id": "hardis:org:refresh:before-refresh",
+      "pluginAlias": "sfdx-hardis",
+      "pluginName": "sfdx-hardis",
+      "pluginType": "core",
+      "strict": true,
+      "enableJsonFlag": true,
+      "requiresProject": true,
+      "isESM": true,
+      "relativePath": [
+        "lib",
+        "commands",
+        "hardis",
+        "org",
+        "refresh",
+        "before-refresh.js"
+      ],
+      "aliasPermutations": [],
+      "permutations": [
+        "hardis:org:refresh:before-refresh",
+        "org:hardis:refresh:before-refresh",
+        "org:refresh:hardis:before-refresh",
+        "org:refresh:before-refresh:hardis",
+        "hardis:refresh:org:before-refresh",
+        "refresh:hardis:org:before-refresh",
+        "refresh:org:hardis:before-refresh",
+        "refresh:org:before-refresh:hardis",
+        "hardis:refresh:before-refresh:org",
+        "refresh:hardis:before-refresh:org",
+        "refresh:before-refresh:hardis:org",
+        "refresh:before-refresh:org:hardis",
+        "hardis:org:before-refresh:refresh",
+        "org:hardis:before-refresh:refresh",
+        "org:before-refresh:hardis:refresh",
+        "org:before-refresh:refresh:hardis",
+        "hardis:before-refresh:org:refresh",
+        "before-refresh:hardis:org:refresh",
+        "before-refresh:org:hardis:refresh",
+        "before-refresh:org:refresh:hardis",
+        "hardis:before-refresh:refresh:org",
+        "before-refresh:hardis:refresh:org",
+        "before-refresh:refresh:hardis:org",
+        "before-refresh:refresh:org:hardis"
+      ]
+    },
     "hardis:org:retrieve:packageconfig": {
       "aliases": [],
       "args": {},
@@ -9913,262 +9913,30 @@
       ],
       "aliasPermutations": [],
       "permutations": [
-        "hardis:project:audit:remotesites",
-        "project:hardis:audit:remotesites",
-        "project:audit:hardis:remotesites",
-        "project:audit:remotesites:hardis",
-        "hardis:audit:project:remotesites",
-        "audit:hardis:project:remotesites",
-        "audit:project:hardis:remotesites",
-        "audit:project:remotesites:hardis",
-        "hardis:audit:remotesites:project",
-        "audit:hardis:remotesites:project",
-        "audit:remotesites:hardis:project",
-        "audit:remotesites:project:hardis",
-        "hardis:project:remotesites:audit",
-        "project:hardis:remotesites:audit",
-        "project:remotesites:hardis:audit",
-        "project:remotesites:audit:hardis",
-        "hardis:remotesites:project:audit",
-        "remotesites:hardis:project:audit",
-        "remotesites:project:hardis:audit",
-        "remotesites:project:audit:hardis",
-        "hardis:remotesites:audit:project",
-        "remotesites:hardis:audit:project",
-        "remotesites:audit:hardis:project",
-        "remotesites:audit:project:hardis"
-      ]
-    },
-    "hardis:project:configure:auth": {
-      "aliases": [],
-      "args": {},
-      "description": "\n## Command Behavior\n\n**Configures authentication between a Git branch and a target Salesforce org for CI/CD deployments.**\n\nThis command facilitates the setup of automated CI/CD pipelines, enabling seamless deployments from specific Git branches to designated Salesforce orgs. It supports both standard Salesforce orgs and Dev Hub configurations, catering to various enterprise deployment workflows.\n\nKey functionalities include:\n\n- **Org Selection/Login:** Guides the user to select an existing Salesforce org or log in to a new one.\n- **Git Branch Association:** Allows associating a specific Git branch with the chosen Salesforce org.\n- **Merge Target Definition:** Enables defining target Git branches into which the configured branch can merge, ensuring controlled deployment flows.\n- **Salesforce Username Configuration:** Prompts for the Salesforce username to be used by the CI server for deployments.\n- **SSL Certificate Generation:** Automatically generates an SSL certificate for secure authentication.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's implementation involves several key technical aspects:\n\n- **SF CLI Integration:** Utilizes \n@salesforce/sf-plugins-core\n for command structure and flag parsing.\n- **Interactive Prompts:** Employs the \nprompts\n library for interactive user input, guiding the configuration process.\n- **Git Integration:** Interacts with Git to retrieve branch information using \n`git().branch([\"--list\", \"-r\"])`\n.\n- **Configuration Management:** Leverages internal utilities (`checkConfig`, `getConfig`, `setConfig`, `setInConfigFile`) to read from and write to project-specific configuration files (e.g., `.sfdx-hardis.<branchName>.yml`).\n- **Salesforce CLI Execution:** Executes Salesforce CLI commands programmatically via `execSfdxJson` for org interactions.\n- **SSL Certificate Generation:** Calls `generateSSLCertificate` to create necessary SSL certificates for JWT-based authentication.\n- **WebSocket Communication:** Uses `WebSocketClient` for potential communication with external tools or processes, such as restarting the command in VS Code.\n- **Dependency Check:** Ensures the presence of `openssl` on the system, which is required for SSL certificate generation.\n",
-      "examples": [
-        "$ sf hardis:project:configure:auth"
-      ],
-      "flags": {
-        "json": {
-          "description": "Format output as json.",
-          "helpGroup": "GLOBAL",
-          "name": "json",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "flags-dir": {
-          "helpGroup": "GLOBAL",
-          "name": "flags-dir",
-          "summary": "Import flag values from a directory.",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "devhub": {
-          "char": "b",
-          "description": "Configure project DevHub",
-          "name": "devhub",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "debug": {
-          "char": "d",
-          "description": "Activate debug mode (more logs)",
-          "name": "debug",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "websocket": {
-          "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
-          "name": "websocket",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "skipauth": {
-          "description": "Skip authentication check when a default username is required",
-          "name": "skipauth",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "target-org": {
-          "aliases": [
-            "targetusername",
-            "u"
-          ],
-          "char": "o",
-          "deprecateAliases": true,
-          "name": "target-org",
-          "noCacheDefault": true,
-          "summary": "Username or alias of the target org.",
-          "hasDynamicHelp": true,
-          "multiple": false,
-          "type": "option"
-        },
-        "target-dev-hub": {
-          "aliases": [
-            "targetdevhubusername"
-          ],
-          "char": "v",
-          "deprecateAliases": true,
-          "name": "target-dev-hub",
-          "noCacheDefault": true,
-          "required": false,
-          "summary": "Username or alias of the Dev Hub org.",
-          "hasDynamicHelp": true,
-          "multiple": false,
-          "type": "option"
-        }
-      },
-      "hasDynamicHelp": true,
-      "hiddenAliases": [],
-      "id": "hardis:project:configure:auth",
-      "pluginAlias": "sfdx-hardis",
-      "pluginName": "sfdx-hardis",
-      "pluginType": "core",
-      "strict": true,
-      "enableJsonFlag": true,
-      "title": "Configure authentication",
-      "requiresProject": false,
-      "requiresDependencies": [
-        "openssl"
-      ],
-      "isESM": true,
-      "relativePath": [
-        "lib",
-        "commands",
-        "hardis",
-        "project",
-        "configure",
-        "auth.js"
-      ],
-      "aliasPermutations": [],
-      "permutations": [
-        "hardis:project:configure:auth",
-        "project:hardis:configure:auth",
-        "project:configure:hardis:auth",
-        "project:configure:auth:hardis",
-        "hardis:configure:project:auth",
-        "configure:hardis:project:auth",
-        "configure:project:hardis:auth",
-        "configure:project:auth:hardis",
-        "hardis:configure:auth:project",
-        "configure:hardis:auth:project",
-        "configure:auth:hardis:project",
-        "configure:auth:project:hardis",
-        "hardis:project:auth:configure",
-        "project:hardis:auth:configure",
-        "project:auth:hardis:configure",
-        "project:auth:configure:hardis",
-        "hardis:auth:project:configure",
-        "auth:hardis:project:configure",
-        "auth:project:hardis:configure",
-        "auth:project:configure:hardis",
-        "hardis:auth:configure:project",
-        "auth:hardis:configure:project",
-        "auth:configure:hardis:project",
-        "auth:configure:project:hardis"
-      ]
-    },
-    "hardis:project:convert:profilestopermsets": {
-      "aliases": [],
-      "args": {},
-      "description": "\n## Command Behavior\n\n**Converts existing Salesforce Profiles into Permission Sets, facilitating a more granular and recommended security model.**\n\nThis command helps in migrating permissions from Profiles to Permission Sets, which is a best practice for managing user access in Salesforce. It creates a new Permission Set for each specified Profile, adopting a naming convention of `PS_PROFILENAME`.\n\nKey functionalities:\n\n- **Profile to Permission Set Conversion:** Automatically extracts permissions from a Profile and creates a corresponding Permission Set.\n- **Naming Convention:** New Permission Sets are named with a `PS_` prefix followed by the Profile name (e.g., `PS_Standard_User`).\n- **Exclusion Filter:** Allows you to exclude specific Profiles from the conversion process using the `--except` flag.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's technical implementation involves:\n\n- **External Plugin Integration:** It relies on the `shane-sfdx-plugins` (specifically the `sf shane:profile:convert` command) to perform the actual conversion.\n- **File System Scan:** It reads the contents of the `force-app/main/default/profiles` directory to identify all available Profile metadata files.\n- **Command Execution:** For each identified Profile (that is not excluded), it constructs and executes the `sf shane:profile:convert` command with the appropriate Profile name and desired Permission Set name.\n- **Error Handling:** Includes basic error handling for the external command execution.\n</details>\n",
-      "examples": [
-        "$ sf hardis:project:convert:profilestopermsets"
-      ],
-      "flags": {
-        "json": {
-          "description": "Format output as json.",
-          "helpGroup": "GLOBAL",
-          "name": "json",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "flags-dir": {
-          "helpGroup": "GLOBAL",
-          "name": "flags-dir",
-          "summary": "Import flag values from a directory.",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "except": {
-          "char": "e",
-          "description": "List of filters",
-          "name": "except",
-          "default": [],
-          "hasDynamicHelp": false,
-          "multiple": true,
-          "type": "option"
-        },
-        "debug": {
-          "char": "d",
-          "description": "Activate debug mode (more logs)",
-          "name": "debug",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "websocket": {
-          "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
-          "name": "websocket",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "skipauth": {
-          "description": "Skip authentication check when a default username is required",
-          "name": "skipauth",
-          "allowNo": false,
-          "type": "boolean"
-        }
-      },
-      "hasDynamicHelp": false,
-      "hiddenAliases": [],
-      "id": "hardis:project:convert:profilestopermsets",
-      "pluginAlias": "sfdx-hardis",
-      "pluginName": "sfdx-hardis",
-      "pluginType": "core",
-      "strict": true,
-      "enableJsonFlag": true,
-      "title": "Convert Profiles into Permission Sets",
-      "requiresProject": true,
-      "requiresSfdxPlugins": [
-        "shane-sfdx-plugins"
-      ],
-      "isESM": true,
-      "relativePath": [
-        "lib",
-        "commands",
-        "hardis",
-        "project",
-        "convert",
-        "profilestopermsets.js"
-      ],
-      "aliasPermutations": [],
-      "permutations": [
-        "hardis:project:convert:profilestopermsets",
-        "project:hardis:convert:profilestopermsets",
-        "project:convert:hardis:profilestopermsets",
-        "project:convert:profilestopermsets:hardis",
-        "hardis:convert:project:profilestopermsets",
-        "convert:hardis:project:profilestopermsets",
-        "convert:project:hardis:profilestopermsets",
-        "convert:project:profilestopermsets:hardis",
-        "hardis:convert:profilestopermsets:project",
-        "convert:hardis:profilestopermsets:project",
-        "convert:profilestopermsets:hardis:project",
-        "convert:profilestopermsets:project:hardis",
-        "hardis:project:profilestopermsets:convert",
-        "project:hardis:profilestopermsets:convert",
-        "project:profilestopermsets:hardis:convert",
-        "project:profilestopermsets:convert:hardis",
-        "hardis:profilestopermsets:project:convert",
-        "profilestopermsets:hardis:project:convert",
-        "profilestopermsets:project:hardis:convert",
-        "profilestopermsets:project:convert:hardis",
-        "hardis:profilestopermsets:convert:project",
-        "profilestopermsets:hardis:convert:project",
-        "profilestopermsets:convert:hardis:project",
-        "profilestopermsets:convert:project:hardis"
+        "hardis:project:audit:remotesites",
+        "project:hardis:audit:remotesites",
+        "project:audit:hardis:remotesites",
+        "project:audit:remotesites:hardis",
+        "hardis:audit:project:remotesites",
+        "audit:hardis:project:remotesites",
+        "audit:project:hardis:remotesites",
+        "audit:project:remotesites:hardis",
+        "hardis:audit:remotesites:project",
+        "audit:hardis:remotesites:project",
+        "audit:remotesites:hardis:project",
+        "audit:remotesites:project:hardis",
+        "hardis:project:remotesites:audit",
+        "project:hardis:remotesites:audit",
+        "project:remotesites:hardis:audit",
+        "project:remotesites:audit:hardis",
+        "hardis:remotesites:project:audit",
+        "remotesites:hardis:project:audit",
+        "remotesites:project:hardis:audit",
+        "remotesites:project:audit:hardis",
+        "hardis:remotesites:audit:project",
+        "remotesites:hardis:audit:project",
+        "remotesites:audit:hardis:project",
+        "remotesites:audit:project:hardis"
       ]
     },
     "hardis:project:clean:emptyitems": {
@@ -11757,6 +11525,238 @@
         "xml:clean:project:hardis"
       ]
     },
+    "hardis:project:configure:auth": {
+      "aliases": [],
+      "args": {},
+      "description": "\n## Command Behavior\n\n**Configures authentication between a Git branch and a target Salesforce org for CI/CD deployments.**\n\nThis command facilitates the setup of automated CI/CD pipelines, enabling seamless deployments from specific Git branches to designated Salesforce orgs. It supports both standard Salesforce orgs and Dev Hub configurations, catering to various enterprise deployment workflows.\n\nKey functionalities include:\n\n- **Org Selection/Login:** Guides the user to select an existing Salesforce org or log in to a new one.\n- **Git Branch Association:** Allows associating a specific Git branch with the chosen Salesforce org.\n- **Merge Target Definition:** Enables defining target Git branches into which the configured branch can merge, ensuring controlled deployment flows.\n- **Salesforce Username Configuration:** Prompts for the Salesforce username to be used by the CI server for deployments.\n- **SSL Certificate Generation:** Automatically generates an SSL certificate for secure authentication.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's implementation involves several key technical aspects:\n\n- **SF CLI Integration:** Utilizes \n@salesforce/sf-plugins-core\n for command structure and flag parsing.\n- **Interactive Prompts:** Employs the \nprompts\n library for interactive user input, guiding the configuration process.\n- **Git Integration:** Interacts with Git to retrieve branch information using \n`git().branch([\"--list\", \"-r\"])`\n.\n- **Configuration Management:** Leverages internal utilities (`checkConfig`, `getConfig`, `setConfig`, `setInConfigFile`) to read from and write to project-specific configuration files (e.g., `.sfdx-hardis.<branchName>.yml`).\n- **Salesforce CLI Execution:** Executes Salesforce CLI commands programmatically via `execSfdxJson` for org interactions.\n- **SSL Certificate Generation:** Calls `generateSSLCertificate` to create necessary SSL certificates for JWT-based authentication.\n- **WebSocket Communication:** Uses `WebSocketClient` for potential communication with external tools or processes, such as restarting the command in VS Code.\n- **Dependency Check:** Ensures the presence of `openssl` on the system, which is required for SSL certificate generation.\n",
+      "examples": [
+        "$ sf hardis:project:configure:auth"
+      ],
+      "flags": {
+        "json": {
+          "description": "Format output as json.",
+          "helpGroup": "GLOBAL",
+          "name": "json",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "flags-dir": {
+          "helpGroup": "GLOBAL",
+          "name": "flags-dir",
+          "summary": "Import flag values from a directory.",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "devhub": {
+          "char": "b",
+          "description": "Configure project DevHub",
+          "name": "devhub",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "debug": {
+          "char": "d",
+          "description": "Activate debug mode (more logs)",
+          "name": "debug",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "websocket": {
+          "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
+          "name": "websocket",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "skipauth": {
+          "description": "Skip authentication check when a default username is required",
+          "name": "skipauth",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "target-org": {
+          "aliases": [
+            "targetusername",
+            "u"
+          ],
+          "char": "o",
+          "deprecateAliases": true,
+          "name": "target-org",
+          "noCacheDefault": true,
+          "summary": "Username or alias of the target org.",
+          "hasDynamicHelp": true,
+          "multiple": false,
+          "type": "option"
+        },
+        "target-dev-hub": {
+          "aliases": [
+            "targetdevhubusername"
+          ],
+          "char": "v",
+          "deprecateAliases": true,
+          "name": "target-dev-hub",
+          "noCacheDefault": true,
+          "required": false,
+          "summary": "Username or alias of the Dev Hub org.",
+          "hasDynamicHelp": true,
+          "multiple": false,
+          "type": "option"
+        }
+      },
+      "hasDynamicHelp": true,
+      "hiddenAliases": [],
+      "id": "hardis:project:configure:auth",
+      "pluginAlias": "sfdx-hardis",
+      "pluginName": "sfdx-hardis",
+      "pluginType": "core",
+      "strict": true,
+      "enableJsonFlag": true,
+      "title": "Configure authentication",
+      "requiresProject": false,
+      "requiresDependencies": [
+        "openssl"
+      ],
+      "isESM": true,
+      "relativePath": [
+        "lib",
+        "commands",
+        "hardis",
+        "project",
+        "configure",
+        "auth.js"
+      ],
+      "aliasPermutations": [],
+      "permutations": [
+        "hardis:project:configure:auth",
+        "project:hardis:configure:auth",
+        "project:configure:hardis:auth",
+        "project:configure:auth:hardis",
+        "hardis:configure:project:auth",
+        "configure:hardis:project:auth",
+        "configure:project:hardis:auth",
+        "configure:project:auth:hardis",
+        "hardis:configure:auth:project",
+        "configure:hardis:auth:project",
+        "configure:auth:hardis:project",
+        "configure:auth:project:hardis",
+        "hardis:project:auth:configure",
+        "project:hardis:auth:configure",
+        "project:auth:hardis:configure",
+        "project:auth:configure:hardis",
+        "hardis:auth:project:configure",
+        "auth:hardis:project:configure",
+        "auth:project:hardis:configure",
+        "auth:project:configure:hardis",
+        "hardis:auth:configure:project",
+        "auth:hardis:configure:project",
+        "auth:configure:hardis:project",
+        "auth:configure:project:hardis"
+      ]
+    },
+    "hardis:project:convert:profilestopermsets": {
+      "aliases": [],
+      "args": {},
+      "description": "\n## Command Behavior\n\n**Converts existing Salesforce Profiles into Permission Sets, facilitating a more granular and recommended security model.**\n\nThis command helps in migrating permissions from Profiles to Permission Sets, which is a best practice for managing user access in Salesforce. It creates a new Permission Set for each specified Profile, adopting a naming convention of `PS_PROFILENAME`.\n\nKey functionalities:\n\n- **Profile to Permission Set Conversion:** Automatically extracts permissions from a Profile and creates a corresponding Permission Set.\n- **Naming Convention:** New Permission Sets are named with a `PS_` prefix followed by the Profile name (e.g., `PS_Standard_User`).\n- **Exclusion Filter:** Allows you to exclude specific Profiles from the conversion process using the `--except` flag.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's technical implementation involves:\n\n- **External Plugin Integration:** It relies on the `shane-sfdx-plugins` (specifically the `sf shane:profile:convert` command) to perform the actual conversion.\n- **File System Scan:** It reads the contents of the `force-app/main/default/profiles` directory to identify all available Profile metadata files.\n- **Command Execution:** For each identified Profile (that is not excluded), it constructs and executes the `sf shane:profile:convert` command with the appropriate Profile name and desired Permission Set name.\n- **Error Handling:** Includes basic error handling for the external command execution.\n</details>\n",
+      "examples": [
+        "$ sf hardis:project:convert:profilestopermsets"
+      ],
+      "flags": {
+        "json": {
+          "description": "Format output as json.",
+          "helpGroup": "GLOBAL",
+          "name": "json",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "flags-dir": {
+          "helpGroup": "GLOBAL",
+          "name": "flags-dir",
+          "summary": "Import flag values from a directory.",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "except": {
+          "char": "e",
+          "description": "List of filters",
+          "name": "except",
+          "default": [],
+          "hasDynamicHelp": false,
+          "multiple": true,
+          "type": "option"
+        },
+        "debug": {
+          "char": "d",
+          "description": "Activate debug mode (more logs)",
+          "name": "debug",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "websocket": {
+          "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
+          "name": "websocket",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "skipauth": {
+          "description": "Skip authentication check when a default username is required",
+          "name": "skipauth",
+          "allowNo": false,
+          "type": "boolean"
+        }
+      },
+      "hasDynamicHelp": false,
+      "hiddenAliases": [],
+      "id": "hardis:project:convert:profilestopermsets",
+      "pluginAlias": "sfdx-hardis",
+      "pluginName": "sfdx-hardis",
+      "pluginType": "core",
+      "strict": true,
+      "enableJsonFlag": true,
+      "title": "Convert Profiles into Permission Sets",
+      "requiresProject": true,
+      "requiresSfdxPlugins": [
+        "shane-sfdx-plugins"
+      ],
+      "isESM": true,
+      "relativePath": [
+        "lib",
+        "commands",
+        "hardis",
+        "project",
+        "convert",
+        "profilestopermsets.js"
+      ],
+      "aliasPermutations": [],
+      "permutations": [
+        "hardis:project:convert:profilestopermsets",
+        "project:hardis:convert:profilestopermsets",
+        "project:convert:hardis:profilestopermsets",
+        "project:convert:profilestopermsets:hardis",
+        "hardis:convert:project:profilestopermsets",
+        "convert:hardis:project:profilestopermsets",
+        "convert:project:hardis:profilestopermsets",
+        "convert:project:profilestopermsets:hardis",
+        "hardis:convert:profilestopermsets:project",
+        "convert:hardis:profilestopermsets:project",
+        "convert:profilestopermsets:hardis:project",
+        "convert:profilestopermsets:project:hardis",
+        "hardis:project:profilestopermsets:convert",
+        "project:hardis:profilestopermsets:convert",
+        "project:profilestopermsets:hardis:convert",
+        "project:profilestopermsets:convert:hardis",
+        "hardis:profilestopermsets:project:convert",
+        "profilestopermsets:hardis:project:convert",
+        "profilestopermsets:project:hardis:convert",
+        "profilestopermsets:project:convert:hardis",
+        "hardis:profilestopermsets:convert:project",
+        "profilestopermsets:hardis:convert:project",
+        "profilestopermsets:convert:hardis:project",
+        "profilestopermsets:convert:project:hardis"
+      ]
+    },
     "hardis:project:deploy:notify": {
       "aliases": [],
       "args": {},
@@ -15719,5 +15719,5 @@
       ]
     }
   },
-  "version": "6.14.4-beta202512080425.0"
+  "version": "6.14.4"
 }